Bug 1089250
| Summary: | Expired shadow policy user(shadowLastChange=0) is not prompted for password change | |||
|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Kaushik Banerjee <kbanerje> | |
| Component: | sssd | Assignee: | Jakub Hrozek <jhrozek> | |
| Status: | CLOSED ERRATA | QA Contact: | Kaushik Banerjee <kbanerje> | |
| Severity: | unspecified | Docs Contact: | ||
| Priority: | unspecified | |||
| Version: | 7.0 | CC: | apeetham, dpal, grajaiya, jgalipea, lslebodn, mkosek, mvadkert, pbrezina, preichl | |
| Target Milestone: | rc | Keywords: | Regression | |
| Target Release: | --- | |||
| Hardware: | Unspecified | |||
| OS: | Unspecified | |||
| Whiteboard: | ||||
| Fixed In Version: | sssd-1.12.1-1.el7 | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | ||
| Clone Of: | ||||
| : | 1111528 (view as bug list) | Environment: | ||
| Last Closed: | 2015-03-05 10:27:47 UTC | Type: | Bug | |
| Regression: | --- | Mount Type: | --- | |
| Documentation: | --- | CRM: | ||
| Verified Versions: | Category: | --- | ||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
| Cloudforms Team: | --- | Target Upstream Version: | ||
| Embargoed: | ||||
| Bug Depends On: | ||||
| Bug Blocks: | 1111528 | |||
|
Description
Kaushik Banerjee
2014-04-18 11:00:17 UTC
Upstream ticket: https://fedorahosted.org/sssd/ticket/2323 This looks like a regression in 1.11 version of sssd. I tried this on rhel6.5 and saw the password prompt appearing: # ssh -l shadowuser1 localhost shadowuser1@localhost's password: Password expired. Change your password now. WARNING: Your password has expired. You must change your password now and login again! Changing password for user shadowuser1. Current Password: master: 06ba69972e6728f97f5adbcc3cc4df811a831f53 sssd-1-11: 7454855b9b5117a13fe86fb93b9cc870323ccd20 Verified with version 1.12.2-12.el7 Output from beaker automation run: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: shadow7: bz 1089250 Account expired :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: modifying entry "uid=shadowuser1,ou=Users,dc=example,dc=com" Redirecting to /bin/systemctl stop sssd.service Redirecting to /bin/systemctl start sssd.service spawn ssh -o StrictHostKeyChecking=no -l shadowuser1 localhost shadowuser1@localhost's password: Password expired. Change your password now. WARNING: Your password has expired. You must change your password now and login again! Changing password for user shadowuser1. Current Password: New password: Retype new password: :: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Found shadow password expiration attributes' :: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Last change day is not set, new password needed' :: [ PASS ] :: File '/var/log/sssd/sssd_LDAP.log' should contain 'Initial authentication for change password operation successful' modifying entry "uid=shadowuser1,ou=Users,dc=example,dc=com" modifying entry "uid=shadowuser1,ou=Users,dc=example,dc=com" shadow7 result: PASS Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2015-0441.html |