Re: [389-users] Bind to consumer binds to provider as well

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Gerrard Geldenhuis wrote:
>>> When I do a bind to the consumer(slave) I also see a bind to the
>>> provider(master) this seems really silly. My understanding is that
>>> this behaviour is caused by needing to centrally store login attempts.
>>> I have raised this matter previously but just wanted to double check
>>> that the behaviour I am seeing is expected and not due to a
>>> misconfiguration on our part.
>>>
>>>       
>> Are you using Chain On Update for Binds?
>> http://directory.fedoraproject.org/wiki/Howto:ChainOnUpdate
>>     
>
> We are indeed, we used that howto to set it up. Reading it now again it does say it will use the chaining backend for binds. Why is that?
In order to have global password policy.  Let's say for example that you 
have password policy which states accounts are locked out after 3 
unsuccessful login attempts.  If you have 5 directory servers, each with 
local password policy, that effectively means an attacker has 15 tries 
to guess the password instead of 3.
> If we replicate changes down to the consumer how can the data be "fresher" than the consumer?
>   
If the password policy attributes are updated on the master(s) and 
pushed to the consumer(s), they are all equally "fresh".
> Regards
>
> ________________________________________________________________________
> In order to protect our email recipients, Betfair Group use SkyScan from 
> MessageLabs to scan all Incoming and Outgoing mail for viruses.
>
> ________________________________________________________________________
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
>   

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux