On 01/28/2011 10:39 AM, Simo Sorce wrote:
Rirst of all. I am glad this was resolved, it looked puzzling indeed. I just want to note that we do not support using the DS password policy in ipa as we already have the kerberos pw policy, that's why the uid=kdc was not "protected" against it. In v2 we perfected the pw policies check so that the kerberos policies covers also binds done against DS directly.
Just to clarify, in v2 Kerberos password policies also cover ldap binds?
I also am adding a patch so that uid=kdc is protected in case DS policy is enabled nonetheless for whatever reason. Simo.
_______________________________________________ Freeipa-users mailing list Freeipafirstname.lastname@example.org https://www.redhat.com/mailman/listinfo/freeipa-users