Re: [Freeipa-devel] [PATCH 0061] Remove 50-lockout-policy.update file
On Thu, 29 Oct 2015, Gabe Alford wrote: Hello, Fix for https://fedorahosted.org/freeipa/ticket/5418 ACK but can you please add something like this in the commit message: Remove lockout policy update file because all currently supported FreeIPA versions already have krbPwdMaxFailure defaulting to 6 and krbPwdLockoutDuration defaulting to 600. Keeping lockout policy update file prevents from creating a more strict policy in environments where it is subject to regulatory compliance. Thanks, Gabe From 7a9086162717bc414a1d65ea71a2d65729f6fa7e Mon Sep 17 00:00:00 2001 From: GabeDate: Thu, 29 Oct 2015 20:30:35 -0600 Subject: [PATCH] Remove 50-lockout-policy.update file https://fedorahosted.org/freeipa/ticket/5418 --- install/updates/50-lockout-policy.update | 4 install/updates/Makefile.am | 1 - 2 files changed, 5 deletions(-) delete mode 100644 install/updates/50-lockout-policy.update diff --git a/install/updates/50-lockout-policy.update b/install/updates/50-lockout-policy.update deleted file mode 100644 index a5730709e2b649466118502ece1cc530c10e0b40.. --- a/install/updates/50-lockout-policy.update +++ /dev/null @@ -1,4 +0,0 @@ -dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX -replace:krbPwdLockoutDuration:10::600 -replace: krbPwdMaxFailure:3::6 - diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 26e4c04ed66a4a2061a3bb3ca2f4a6cd84502598..04ddeb96de4e88d5909f13b13885d3207184e798 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -39,7 +39,6 @@ app_DATA =\ 45-roles.update \ 50-7_bit_check.update \ 50-dogtag10-migration.update\ - 50-lockout-policy.update\ 50-groupuuid.update \ 50-hbacservice.update \ 50-krbenctypes.update \ -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0061] Remove 50-lockout-policy.update file
On Fri, 30 Oct 2015, Gabe Alford wrote: From 24bcde6042d90322883350b5fd97aa41f2e4d77d Mon Sep 17 00:00:00 2001 From: GabeDate: Fri, 30 Oct 2015 06:27:11 -0600 Subject: [PATCH] Remove 50-lockout-policy.update file Remove lockout policy update file because all currently supported versions have krbPwdMaxFailure defaulting to 6 and krbPwdLockoutDuration defaulting to 600. Keeping lockout policy update file prevents from creating a more scrict policy in environments subject to regulatory compliance https://fedorahosted.org/freeipa/ticket/5418 --- install/updates/50-lockout-policy.update | 4 install/updates/Makefile.am | 1 - 2 files changed, 5 deletions(-) delete mode 100644 install/updates/50-lockout-policy.update ACK -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
Re: [Freeipa-devel] [PATCH 0061] Remove 50-lockout-policy.update file
Can do Alexander. Here is the updated patch. Gabe On Fri, Oct 30, 2015 at 12:56 AM, Alexander Bokovoywrote: > On Thu, 29 Oct 2015, Gabe Alford wrote: > >> Hello, >> >> Fix for https://fedorahosted.org/freeipa/ticket/5418 >> > ACK but can you please add something like this in the commit message: > > > Remove lockout policy update file because all currently supported > FreeIPA versions already have krbPwdMaxFailure defaulting to 6 and > krbPwdLockoutDuration defaulting to 600. > > Keeping lockout policy update file prevents from creating a more strict > policy in environments where it is subject to regulatory compliance. > > > >> Thanks, >> >> Gabe >> > > From 7a9086162717bc414a1d65ea71a2d65729f6fa7e Mon Sep 17 00:00:00 2001 >> From: Gabe >> Date: Thu, 29 Oct 2015 20:30:35 -0600 >> Subject: [PATCH] Remove 50-lockout-policy.update file >> >> https://fedorahosted.org/freeipa/ticket/5418 >> --- >> install/updates/50-lockout-policy.update | 4 >> install/updates/Makefile.am | 1 - >> 2 files changed, 5 deletions(-) >> delete mode 100644 install/updates/50-lockout-policy.update >> >> diff --git a/install/updates/50-lockout-policy.update >> b/install/updates/50-lockout-policy.update >> deleted file mode 100644 >> index >> a5730709e2b649466118502ece1cc530c10e0b40.. >> --- a/install/updates/50-lockout-policy.update >> +++ /dev/null >> @@ -1,4 +0,0 @@ >> -dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX >> -replace:krbPwdLockoutDuration:10::600 >> -replace: krbPwdMaxFailure:3::6 >> - >> diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am >> index >> 26e4c04ed66a4a2061a3bb3ca2f4a6cd84502598..04ddeb96de4e88d5909f13b13885d3207184e798 >> 100644 >> --- a/install/updates/Makefile.am >> +++ b/install/updates/Makefile.am >> @@ -39,7 +39,6 @@ app_DATA =\ >> 45-roles.update \ >> 50-7_bit_check.update \ >> 50-dogtag10-migration.update\ >> - 50-lockout-policy.update\ >> 50-groupuuid.update \ >> 50-hbacservice.update \ >> 50-krbenctypes.update \ >> -- >> 2.4.3 >> >> > -- >> Manage your subscription for the Freeipa-devel mailing list: >> https://www.redhat.com/mailman/listinfo/freeipa-devel >> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code >> > > > -- > / Alexander Bokovoy > From 24bcde6042d90322883350b5fd97aa41f2e4d77d Mon Sep 17 00:00:00 2001 From: Gabe Date: Fri, 30 Oct 2015 06:27:11 -0600 Subject: [PATCH] Remove 50-lockout-policy.update file Remove lockout policy update file because all currently supported versions have krbPwdMaxFailure defaulting to 6 and krbPwdLockoutDuration defaulting to 600. Keeping lockout policy update file prevents from creating a more scrict policy in environments subject to regulatory compliance https://fedorahosted.org/freeipa/ticket/5418 --- install/updates/50-lockout-policy.update | 4 install/updates/Makefile.am | 1 - 2 files changed, 5 deletions(-) delete mode 100644 install/updates/50-lockout-policy.update diff --git a/install/updates/50-lockout-policy.update b/install/updates/50-lockout-policy.update deleted file mode 100644 index a5730709e2b649466118502ece1cc530c10e0b40.. --- a/install/updates/50-lockout-policy.update +++ /dev/null @@ -1,4 +0,0 @@ -dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX -replace:krbPwdLockoutDuration:10::600 -replace: krbPwdMaxFailure:3::6 - diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 26e4c04ed66a4a2061a3bb3ca2f4a6cd84502598..04ddeb96de4e88d5909f13b13885d3207184e798 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -39,7 +39,6 @@ app_DATA =\ 45-roles.update \ 50-7_bit_check.update \ 50-dogtag10-migration.update \ - 50-lockout-policy.update \ 50-groupuuid.update \ 50-hbacservice.update \ 50-krbenctypes.update \ -- 1.8.3.1 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
[Freeipa-devel] [PATCH 0061] Remove 50-lockout-policy.update file
Hello, Fix for https://fedorahosted.org/freeipa/ticket/5418 Thanks, Gabe From 7a9086162717bc414a1d65ea71a2d65729f6fa7e Mon Sep 17 00:00:00 2001 From: GabeDate: Thu, 29 Oct 2015 20:30:35 -0600 Subject: [PATCH] Remove 50-lockout-policy.update file https://fedorahosted.org/freeipa/ticket/5418 --- install/updates/50-lockout-policy.update | 4 install/updates/Makefile.am | 1 - 2 files changed, 5 deletions(-) delete mode 100644 install/updates/50-lockout-policy.update diff --git a/install/updates/50-lockout-policy.update b/install/updates/50-lockout-policy.update deleted file mode 100644 index a5730709e2b649466118502ece1cc530c10e0b40.. --- a/install/updates/50-lockout-policy.update +++ /dev/null @@ -1,4 +0,0 @@ -dn: cn=global_policy,cn=$REALM,cn=kerberos,$SUFFIX -replace:krbPwdLockoutDuration:10::600 -replace: krbPwdMaxFailure:3::6 - diff --git a/install/updates/Makefile.am b/install/updates/Makefile.am index 26e4c04ed66a4a2061a3bb3ca2f4a6cd84502598..04ddeb96de4e88d5909f13b13885d3207184e798 100644 --- a/install/updates/Makefile.am +++ b/install/updates/Makefile.am @@ -39,7 +39,6 @@ app_DATA =\ 45-roles.update \ 50-7_bit_check.update \ 50-dogtag10-migration.update \ - 50-lockout-policy.update \ 50-groupuuid.update \ 50-hbacservice.update \ 50-krbenctypes.update \ -- 2.4.3 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code