git.ipfire.org Git - thirdparty/samba.git/commit
kdc: Rotate smart-card only underlying password in 2nd half of lifetime
author Andrew Bartlett <abartlet@samba.org>
Fri, 17 May 2024 05:34:36 +0000 (17:34 +1200)
committer Andrew Bartlett <abartlet@samba.org>
Mon, 10 Jun 2024 04:27:31 +0000 (04:27 +0000)
commit 491b79d445d54f56ba8dfea978da322e1fc16c44
tree 920735a00fe596fb66f729501184a0a230798215
parent 8afe27058b08ff30d2650bb4fec92f56fa418e6a

This is a measure to avoid multiple servers rotating the password
but means that the maximum password age really must be set to
twice the TGT lifetime, e.g. a default of 20 hours.  The internet
suggestions of 1 day for this feature should work fine.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
selftest/knownfail_heimdal_kdc
source4/kdc/db-glue.c