7077622 Detect default encsalts kadmin password change

7 files Authored by simo 8 years ago, Committed by pvoborni 8 years ago,
    Detect default encsalts kadmin password change
    
    When kadmin tries to change a password it will get the allowed keysalts
    from the password policy. Failure to provide them will result in kadmin
    using the defaults specified in the kdc.conf file or hardcoded defaults
    (the default salt is then of type NORMAL).
    
    This patch provides the supported values that have been read out of the
    appropriate LDAP attribute when we read the server configuration.
    
    Then at actual password change, check if kadmin is handing us back the exact
    list of supported encsalts we sent it, and in that case replace it with the
    real default encsalts.
    
    Fixes https://fedorahosted.org/freeipa/ticket/4914
    
    Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
    
        
file modified
+38 -0
file modified
+2 -0
file modified
+85 -0
file modified
+2 -0