Bug 627022

Summary: Incorrect handling of password expiration
Product: [Fedora] Fedora Reporter: Rob Crittenden <rcritten>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium Docs Contact:
Priority: low    
Version: 14CC: nalin
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://krbdev.mit.edu/rt/Ticket/Display.html?user=guest&pass=guest&id=6762
Whiteboard:
Fixed In Version: krb5-1.8.2-4.fc14 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 627038 627039 (view as bug list) Environment:
Last Closed: 2010-09-04 05:15:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 627038, 627039    

Description Rob Crittenden 2010-08-24 21:34:55 UTC 
Description of problem:

There are two occurences of this line in src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c lines 2085 and 2142:

    if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {

KDB_PRINC_EXPIRE_TIME_ATTR is defined as 0x80, it will never == 1.

This is causing the krbPwdExpiration attribute to be ignored.

Version-Release number of selected component (if applicable):

krb5-server-1.8.2-3.fc14.x86_64
Comment 1 Fedora Update System 2010-08-25 15:42:45 UTC 
krb5-1.8.2-4.fc14 has been submitted as an update for Fedora 14.
http://admin.fedoraproject.org/updates/krb5-1.8.2-4.fc14
Comment 2 Fedora Update System 2010-08-25 15:48:28 UTC 
krb5-1.7.1-13.fc12 has been submitted as an update for Fedora 12.
http://admin.fedoraproject.org/updates/krb5-1.7.1-13.fc12
Comment 3 Fedora Update System 2010-08-25 15:48:32 UTC 
krb5-1.7.1-13.fc13 has been submitted as an update for Fedora 13.
http://admin.fedoraproject.org/updates/krb5-1.7.1-13.fc13
Comment 4 Fedora Update System 2010-08-26 02:15:05 UTC 
krb5-1.8.2-4.fc14 has been pushed to the Fedora 14 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update krb5'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/krb5-1.8.2-4.fc14
Comment 5 Fedora Update System 2010-09-04 05:15:25 UTC 
krb5-1.8.2-4.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2010-09-11 09:02:19 UTC 
krb5-1.7.1-13.fc12 has been pushed to the Fedora 12 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2010-09-11 09:08:23 UTC 
krb5-1.7.1-13.fc13 has been pushed to the Fedora 13 stable repository.  If problems still persist, please make note of it in this bug report.