Bug 588366
Summary: | User account locked after only 1 password mistype with domain authentication | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Eri Ramos Bastos <eri.bastos> |
Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Zbysek MRAZ <zmraz> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 6.0 | CC: | dpal, ebenes, jplans |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | krb5-1.7.1-1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-11-10 21:01:05 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Eri Ramos Bastos
2010-05-03 15:03:29 UTC
This is probably some problem in pam_krb5. Or in your configuration of it. The user is locked out forever so you can't log in even after reconnecting? Yes, account gets locked until an administrator goes to a domain controller and uncheck the "Account is locket out" under the user's properties. Here is how I configure the domain authentication in all servers*: authconfig --enablecache --enablenis --enableshadow --enablekrb5 \ --enablelocauthorize --nisdomain=DomainName --nisserver=domain.name \ --krb5realm=DOMAIN.NAME --krb5kdc=domain.name \ --krb5adminserver=domain.name --update *Except RHEL 4, which does not have the option --update. Everything else is the same. Is this with krb5-libs 1.7? I ask because this was a known problem in 1.7 (bug #542687, bug #554351), but it should be fixed in any later version, including versions that hit the repository after beta 1. If the client is running something later than 1.7, do you have information on what the domain controller's lockout policy is, particularly if they've been changed from the factory defaults? Yes, looks like we are talking about the same bug. [root@crash ~]# rpm -qa krb* krb5-devel-1.7-18.el6.i686 krb5-libs-1.7-18.el6.i686 krb5-workstation-1.7-18.el6.i686 I should have included Fedora bugs on my search when I was looking for this problem. Sorry about that. This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux major release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux Major release. This request is not yet committed for inclusion. No worries. Now we have one that'll show up when people search this product. Trees after beta 1 should have 1.7.1 or 1.8 or 1.8.1 in them, so I'll move this to modified. Red Hat Enterprise Linux 6.0 is now available and should resolve the problem described in this bug report. This report is therefore being closed with a resolution of CURRENTRELEASE. You may reopen this bug report if the solution does not work for you. |