URL:
https://github.com/freeipa/freeipa/pull/5203
Author: rcritten
Title: #5203: On password reset also set krbLastAdminUnlock to unlock account
Action: opened
PR body:
"""
On password reset also set krbLastAdminUnlock to unlock account
This fixes the case where an account is locked on one or more servers
and the password is reset by an administrator. The account would
remain locked on those servers for the duration of the lockout.
This is done by setting krbLastAdminUnlock to the current date and
time. The lockout plugin will see this and unlock the account. Since
the value should be replicated along with the password any server
that has the new password will also be unlocked.
This does incur an additional attribute that must be replicated,
whether it is needed or not, but since lockout is computed
per-server this is the only guaranteed way to be sure that the
account will be unlocked everywhere.
https://pagure.io/freeipa/issue/8551
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5203/head:pr5203
git checkout pr5203