Hello, in a situation when freeipa is exposed interface to the internet, there would be bolts trying to bruteforce admin account that made it locked. I come with modsecurity setting for the nss.conf:
SecRule ARGS:user "@contains admin" "id:1234,deny,status:403"' Admin user is no longer avaliable from UI, Kerberos login is not affected, cli and WebUI login for other users are not affected. Can it brake something? -- With best regards, Andrey Bondarenkomail:me@andreybondarenko.comhttps://andreybondarenko.com skype:andrey.bondarenko phone, Telegram, WhatsApp, etc:+420-773-591-443 7758 40AC 88CC 96C9 0C9A 9EE4 3B72 547B 7538 D41B
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
