[krbdev.mit.edu #6718] SVN Commit
Tom Yu via RT
rt-comment at krbdev.mit.edu
Wed May 19 14:52:47 EDT 2010
pull up r24002 from trunk
------------------------------------------------------------------------
r24002 | ghudson | 2010-05-10 18:23:57 -0400 (Mon, 10 May 2010) | 14 lines
ticket: 6718
subject: Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP
target_version: 1.8.2
tags: pullup
In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine
whether krbLoginFailedCount existed on the entry when it was
retrieved. If it didn't exist, don't try to use LDAP_MOD_INCREMENT,
and don't assert an old value when not using LDAP_MOD_INCREMENT.
Also, create the krbLoginFailedCount attribute when creating new
entries. This allows us to use LDAP_MOD_INCREMENT during the first
failed login (if the server supports it), avoiding a race condition.
http://src.mit.edu/fisheye/changelog/krb5/?cs=24061
Commit By: tlyu
Revision: 24061
Changed Files:
U branches/krb5-1-8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c
More information about the krb5-bugs
mailing list