On 01/22/2015 09:27 AM, Lukas Slebodnik wrote:
On (21/01/15 11:52), Pavel Reichl wrote:
Hello,
please see attached patches.
Does it make sense to check on cases when pwdAccountLockedTime is some future
time event?
If agreed to I'll send patch adding test for new utility function
convert_time().
Thanks!
>From 4560b5d52e2c816df7b6479908a63cad6bbb8622 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <prei...@redhat.com>
Date: Mon, 19 Jan 2015 03:24:09 -0500
Subject: [PATCH 1/3] SDAP: new option - pwdlocking natural/only by admin
This is a follow up to #2364.
To distinguish user locked out from accessing machine via SSH if an
account was administratively locked (pwdAccountLockedTime set to
000001010000Z) in the OpenLDAP Password Policy overlay or if user
password is locked out from natural reasons (too many attempts, expired
password).
Part of solution for:
https://fedorahosted.org/sssd/ticket/2534
---
@see https://lists.fedorahosted.org/pipermail/sssd-devel/2014-August/020467.html
see commit in master: 022456e93c9b175ce3774afe524e3926f41ba80f
>From 84385a53068c4832d1c66eb3a767c8e553b24b4f Mon Sep 17 00:00:00 2001
From: Pavel Reichl <prei...@redhat.com>
Date: Tue, 20 Jan 2015 16:27:41 -0500
Subject: [PATCH 2/3] UTIL: convert general time to unix time
New utility function *convert_time* to convert 'general time' to
'unix time'.
---
>From c5fc4ea54bab0a9933148f4ef22a2d28cd5c71a7 Mon Sep 17 00:00:00 2001
From: Pavel Reichl <prei...@redhat.com>
Date: Tue, 20 Jan 2015 18:34:44 -0500
Subject: [PATCH 3/3] SDAP: Lock out ssh keys when account naturally expires
Resolves:
https://fedorahosted.org/sssd/ticket/2534
---
Have you considered to write unit test?
For the second patch, yes.
LS
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel
