Martin Kosek wrote:
On Tue, 2011-12-06 at 18:18 -0500, Rob Crittenden wrote:
Rob Crittenden wrote:
Ensure that we always use at least 56 for minssf when communicating with
389-ds. This will prevent someone from modifying /etc/openldap/ldap.conf
in a way to put all communication in the clear.
See the ticket for testing information.
rob
Note that it should be setting minssf to 56 and not 1 here. I hadn't
committed that change yet, I'll fix before pushing if acked.
rob
If you mean changing these 2 lines:
+ if minssf<= 0:
+ minssf = 1
to
+ if minssf< 56:
+ minssf = 56
then its ACK. With this change my "ipa passwd" worked fine even with
misconfigured ssf settings in ldap.conf.
Martin
Yes, that's what I meant. Pushed to master and ipa-2-2
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel