Bug 432865

Summary: unable to handle enforced password changes
Product: Red Hat Enterprise Linux 5 Reporter: Suzanne Hillman <shillman>
Component: krb5-auth-dialogAssignee: Denise Dumas <ddumas>
Status: CLOSED WONTFIX QA Contact: desktop-bugs <desktop-bugs>
Severity: low Docs Contact:
Priority: medium    
Version: 5.1CC: benl, ddumas, dpal, nalin, riek, shillman, syeghiay
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-02 13:07:02 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 431020    

Description Suzanne Hillman 2008-02-14 20:32:40 UTC 
Description of problem:
krb5-auth-dialog seems unable to handle enforced password changes. This comes up
in relation to new users in ipa server.

I had previously had vnc setup with the 'testing' account on the IPA server I'm
currently testing on, and had kinit shillman there for testing the UI with a
non-admin user.
 
I then proceeded to uninstall the server, using the --uninstall flag. Then, I
reinstalled, recreated the shillman user on the server, and logged into the
restarted 'testing' VNC session on the server.

At this point I got a UI pop up fram kerberos telling me that shillman's key had
expired and I needed to login again.

I did, then it said something about changing my password, which I also tried to
do. But then, within a minute or twn, it said I was expired and needed to enter
my password, and then change it, again. This just kept happening until I kinit
shtillman at the commandline prompt, and it had me change my password there.

I suspect a similar effect would be had by having a local IPA client into 
which one were to login via gdm, but as I have no such local client, I am unsure.

Version-Release number of selected component (if applicable):
krb5-auth-dialog-0.7-1
Comment 1 Chandrasekar Kannan 2008-05-08 23:53:26 UTC 
nalin/cailion - could we get this into rhel 5.3 ?
Comment 2 Nalin Dahyabhai 2008-05-16 21:14:12 UTC 
Should be doable.  Changing CC from myself to Chris, because this one's already
assigned to me.
Comment 3 David O'Brien 2008-06-16 02:54:28 UTC 
Added to 1.0 Release Notes.
Comment 4 RHEL Program Management 2008-07-21 23:06:44 UTC 
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 7 RHEL Program Management 2009-03-26 16:54:57 UTC 
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 13 RHEL Program Management 2014-03-07 12:43:30 UTC 
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.
Comment 14 RHEL Program Management 2014-06-02 13:07:02 UTC 
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).
Comment 15 Red Hat Bugzilla 2023-09-14 01:11:57 UTC 
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days