pull up r25480 from trunk

 ------------------------------------------------------------------------
 r25480 | ghudson | 2011-11-20 00:19:45 -0500 (Sun, 20 Nov 2011) | 13 lines

 ticket: 7021
 subject: Fix failure interval of 0 in LDAP lockout code
 target_version: 1.10
 tags: pullup

 A failure count interval of 0 caused krb5_ldap_lockout_check_policy to
 pass the lockout check (but didn't cause a reset of the failure count
 in krb5_ldap_lockout_audit).  It should be treated as forever, as in
 the DB2 back end.

 This bug is the previously unknown cause of the assertion failure
 fixed in CVE-2011-1528.

https://github.com/krb5/krb5/commit/741ead4255452a105cbac12382be58ad3a2b670a
Commit By: tlyu
Revision: 25512
Changed Files:
U   branches/krb5-1-10/src/kadmin/cli/kadmin.M
U   branches/krb5-1-10/src/plugins/kdb/ldap/libkdb_ldap/lockout.c