Bug 431784 - RFE: Support for Directory Server specify account lock attribute
RFE: Support for Directory Server specify account lock attribute
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: krb5 (Show other bugs)
5.2
All Linux
high Severity medium
: rc
: ---
Assigned To: Nalin Dahyabhai
Brian Brock
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-02-06 17:27 EST by Simo Sorce
Modified: 2008-05-21 11:28 EDT (History)
1 user (show)

See Also:
Fixed In Version: RHBA-2008-0381
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-21 11:28:36 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
ldap backend patch (2.66 KB, text/x-patch)
2008-02-06 17:28 EST, Simo Sorce
no flags Details
spec file patch (1.97 KB, patch)
2008-02-06 17:29 EST, Simo Sorce
no flags Details | Diff

  None (edit)
Description Simo Sorce 2008-02-06 17:27:41 EST
The kerberos packages have (compile time) support for attributes specific to
eDirectory to check for account locking.
A patch that implement support for RH Directory Server nsAccountLock attribute
would be useful.
Comment 1 Simo Sorce 2008-02-06 17:28:57 EST
Created attachment 294169 [details]
ldap backend patch

Reference patch to provide support for nsAccountLock initially built for Fedora
8
Comment 2 Simo Sorce 2008-02-06 17:29:34 EST
Created attachment 294170 [details]
spec file patch

Reference patch bvuilt against an Fedora 8 package
Comment 4 Nalin Dahyabhai 2008-02-06 19:12:04 EST
Does it make sense for kadmin clients which toggle the DISALLOW_ALL_TIX flag to
attempt to change the nsAccountLock setting as well, then?
Comment 5 Simo Sorce 2008-02-06 19:43:39 EST
Not sure, when you use a directory server as storage kadmin is not really the
best tool to manage accounts anyway.
Comment 6 Ken Reilly 2008-02-08 12:40:32 EST
Nalin, As we just discussed please continue to work on the technical resolution
and test plan for this exception. Both actions need to be completed on/before
3-March-2008, or this exception will not be considered for RHEL5.2. 
Comment 7 Nalin Dahyabhai 2008-02-08 18:07:51 EST
> Not sure, when you use a directory server as storage kadmin is not really the
> best tool to manage accounts anyway.

I'm not generally keen on that rationale, but as the support for similar account
locking facilities with eDirectory is likewise read-only, this is at least
consistent with what's already there.
Comment 14 errata-xmlrpc 2008-05-21 11:28:36 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2008-0381.html

Note You need to log in before you can comment on or make changes to this bug.