Bug 510740
Summary: | ipa pwpolicy maxlife: Need to define and enforce acceptable data ranges | ||
---|---|---|---|
Product: | [Retired] freeIPA | Reporter: | Jenny Severance <jgalipea> |
Component: | ipa-admintools | Assignee: | Rob Crittenden <rcritten> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | medium | Docs Contact: | |
Priority: | high | ||
Version: | 2.0 | CC: | benl, dpal, jgalipea |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-03-27 07:16:23 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 431020 |
Description
Jenny Severance
2009-07-10 14:32:15 UTC
There is no traceback anymore. Even if MAX limits are set for parameters on IPA commands, values that do not fit the required types will produce this error message (but w/o traceback, so I think it's OK). # ./ipa pwpolicy-mod --maxlife=3000000000 ipa: ERROR: invalid 'krbmaxpwdlife': need a <type 'int'>; got 3000000000L (a <type 'long'>) # ./ipa pwpolicy-mod --maxlife=10000 ipa: ERROR: invalid 'krbmaxpwdlife': can be at most 1000 That's just the way the framework works - type checking precedes bound checking. *** Bug 510739 has been marked as a duplicate of this bug. *** *** Bug 510735 has been marked as a duplicate of this bug. *** verified # ipa pwpolicy-mod --maxlife=3000000000 ipa: ERROR: invalid 'maxlife': can be at most 2147483647 # ipa pwpolicy-mod --maxlife=10000 Group: global_policy Max lifetime (days): 10000 Min lifetime (hours): 24 History size: 0 Character classes: 0 Min length: 8 Max failures: 6 Failure reset interval: 60 Lockout duration: 600 [root@dhcp-100-19-202 data]# ipa pwpolicy-mod --maxlife=2147483648 ipa: ERROR: invalid 'maxlife': can be at most 2147483647 # ipa pwpolicy-mod --maxlife=-1 ipa: ERROR: invalid 'maxlife': must be at least 0 # rpm -qi ipa-server | head Name : ipa-server Relocations: (not relocatable) Version : 2.0.0 Vendor: Red Hat, Inc. Release : 23.el6 Build Date: Wed 20 Apr 2011 09:57:13 AM EDT Install Date: Thu 19 May 2011 12:47:52 PM EDT Build Host: x86-003.build.bos.redhat.com Group : System Environment/Base Source RPM: ipa-2.0.0-23.el6.src.rpm Size : 2565882 License: GPLv3+ Signature : RSA/8, Thu 21 Apr 2011 03:48:25 PM EDT, Key ID 199e2f91fd431d51 Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.freeipa.org/ Summary : The IPA authentication server |