42263a5 password policy: Add explicit default password policy for hosts and services

Authored and Committed by dkupka 7 years ago
    password policy: Add explicit default password policy for hosts and services
    
    Set explicitly krbPwdPolicyReference attribute to all hosts (entries in
    cn=computers,cn=accounts), services (entries in cn=services,cn=accounts) and
    Kerberos services (entries in cn=$REALM,cn=kerberos). This is done using DS's
    CoS so no attributes are really added.
    
    The default policies effectively disable any enforcement or lockout for hosts
    and services. Since hosts and services use keytabs, password enforcement
    doesn't make much sense. Also the lockout policy could be used for easy and
    cheap DoS.
    
    https://fedorahosted.org/freeipa/ticket/6561
    
    Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
    
        
file modified
+1 -0
file modified
+1 -0