[freeipa PR#5203][opened] On password reset also set krbLastAdminUnlock to unlock account
URL: https://github.com/freeipa/freeipa/pull/5203 Author: rcritten Title: #5203: On password reset also set krbLastAdminUnlock to unlock account Action: opened
PR body: """ On password reset also set krbLastAdminUnlock to unlock account
This fixes the case where an account is locked on one or more servers and the password is reset by an administrator. The account would remain locked on those servers for the duration of the lockout.
This is done by setting krbLastAdminUnlock to the current date and time. The lockout plugin will see this and unlock the account. Since the value should be replicated along with the password any server that has the new password will also be unlocked.
This does incur an additional attribute that must be replicated, whether it is needed or not, but since lockout is computed per-server this is the only guaranteed way to be sure that the account will be unlocked everywhere.
https://pagure.io/freeipa/issue/8551
Signed-off-by: Rob Crittenden rcritten@redhat.com """
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5203/head:pr5203 git checkout pr5203
URL: https://github.com/freeipa/freeipa/pull/5203 Author: rcritten Title: #5203: On password reset also set krbLastAdminUnlock to unlock account Action: closed
To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/5203/head:pr5203 git checkout pr5203
freeipa-devel@lists.fedorahosted.org
-
abbra -
rcritten