Simo Sorce wrote:
On Tue, 2012-12-04 at 15:03 -0500, Rob Crittenden wrote:
Simo Sorce wrote:
On Tue, 2012-12-04 at 11:51 -0500, Rob Crittenden wrote:
Two options were added to the kdb backend to disable writes. The
ipa_lockout plugin needs to honor these as well.

Oh I saw it assigned to me and was going to propose a similar patch.
Thanks for getting there first :-)

But one q. I wonder if we shouldn't share the code to audit stuff
between the kdb plugin and the ldap plugin, this split sounds like it is
going to bite us again if we need to change behavior.

What do you think ?

Simo.


I figured that since I wrote the lockout plugin I should fix this :-)

I think that sharing the logic of the lockout is a great idea. I'm not
entirely sure if all the LDAP-ey code can be made totally generic (one
runs as an internal plugin of 389-ds, the other inside the KDC)
but at least the evaluation logic can be consolidated.

We already share code between the password plugin and the kdb driver for
password-related stuff, we just need to be smart :-)

Are you proposing that as part of this fix or as a future enhancement?

Nah, let's open a ticket for 3.2, I do not want to delay this fix, which
*is* sufficient to address the bug.

So ACK.

Simo.


pushed to master and ipa-3-0
