Christian Heimes
Christian Heimes
IPA will keep the old user names as Kerberos principal names. You'll be able to get back to your old name because it's still reserved for you. An admin can...
The information is not stored in LDAP. The requirement was not part of the initial design. You might be able to reconstruct the information from HTTPd error log. The error...
I don't have a hard opinion. If you implement the feature request, then you should protect it with an additional verification step, e.g. require re-authentication with a valid password and...
Did you create your OTP token with additional options? Some OTP apps ignore extended options and do not supported HMAC-SHA256 or 8 digit OTPs.
What kind of yubikey integration are you looking for? HOTP slot? U2F? PIV smart card? YubiCloud validation server? IPA has the ``ipa otptoken-add-yubikey`` client-side command to enrol an yubikey. This...
> > If we do this plan, does IPA expose all those users? ie, would someone be able to make an account, have it in spamcheck_manual or spamcheck: failed and...
I suggest a multi-valued attribute to track why a user has been locked. IIRC the user may also get locked by password policy plugin (too many failed logins).
Not easily, you would have to write a 389-DS plugin in C and extend the KDC plugins in C to hook up an additional attribute.
Don't use the functions, they are buggy and won't get fixed until OpenSSL 4.0. I wasn't aware about the bug when I introduced them in Python. See @davidben 's bug...
My example works when I replace `recv()` with `read()`. But it's kinda the wrong API call. Portable applications like Python interpreter use `recv()` because `read()` does not work with sockets...