On Fri, 28 Jan 2011 17:39:14 -0500
James Roman <james.ro...@ssaihq.com> wrote:

> On 01/28/2011 10:39 AM, Simo Sorce wrote:
> >
> > Rirst of all.
> > I am glad this was resolved, it looked puzzling indeed.
> >
> > I just want to note that we do not support using the DS password
> > policy in ipa as we already have the kerberos pw policy, that's why
> > the uid=kdc was not "protected" against it.
> >
> > In v2 we perfected the pw policies check so that the kerberos
> > policies covers also binds done against DS directly.
> Just to clarify, in v2 Kerberos password policies also cover ldap
> binds?

Yes with have a bind pre/post op plugin that enforces the same
account/password policies for ldap binds too.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to