From 49204ef76a83dcc3e8f6f152980562b8ce5433e0 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Fri, 21 Jan 2011 05:00:53 +0000 Subject: [PATCH] Fix edge case in LDAP last_admin_unlock processing In the LDAP KDB module, set appropriate flags when zeroing entry->fail_auth_count due to an administrative unlock. ticket: 6849 target_version: 1.9.1 tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@24601 dc483132-0cff-0310-8789-dd5450dbe970 --- src/plugins/kdb/ldap/libkdb_ldap/lockout.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c index 509c692e6..a218dc7e0 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/lockout.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/lockout.c @@ -196,6 +196,7 @@ krb5_ldap_lockout_audit(krb5_context context, entry->last_failed <= unlock_time) { /* Reset fail_auth_count after administrative unlock. */ entry->fail_auth_count = 0; + entry->mask |= KADM5_FAIL_AUTH_COUNT; } if (failcnt_interval != 0 && -- 2.26.2