Content-Type: text/plain Content-Disposition: inline Content-Transfer-Encoding: binary MIME-Version: 1.0 X-Mailer: MIME-tools 5.427 (Entity 5.427) From: tlyu@mit.edu Subject: SVN Commit RT-Send-CC: X-RT-Original-Encoding: iso-8859-1 Content-Length: 973 pull up r24002 from trunk ------------------------------------------------------------------------ r24002 | ghudson | 2010-05-10 18:23:57 -0400 (Mon, 10 May 2010) | 14 lines ticket: 6718 subject: Make KADM5_FAIL_AUTH_COUNT_INCREMENT more robust with LDAP target_version: 1.8.2 tags: pullup In krb5_ldap_put_principal, use krb5_get_attributes_mask to determine whether krbLoginFailedCount existed on the entry when it was retrieved. If it didn't exist, don't try to use LDAP_MOD_INCREMENT, and don't assert an old value when not using LDAP_MOD_INCREMENT. Also, create the krbLoginFailedCount attribute when creating new entries. This allows us to use LDAP_MOD_INCREMENT during the first failed login (if the server supports it), avoiding a race condition. https://github.com/krb5/krb5/commit/495bd381837c3dbde0ef88cdbc1fc0ee99ac596b Commit By: tlyu Revision: 24061 Changed Files: U branches/krb5-1-8/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c