We currently do not honour the krbprincipalexpiration attribute for LDAP binds. A simple place to check and deny auth would be to check for it in the pre_bind operation.
3.4 development was shifted for one month, moving tickets to reflect reality better.
Linking with the right Bugzilla (previous closed as duplicate).
Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.
This ticket is not complete yet, moving to next month milestone.
Fixed upstream master:
Metadata Update from @simo: - Issue assigned to tbabej - Issue set to the milestone: FreeIPA 4.0 - 2014/04
Login to comment on this ticket.