Bug 627038

Summary: Incorrect handling of password expiration
Product: Red Hat Enterprise Linux 5 Reporter: Nalin Dahyabhai <nalin>
Component: krb5Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: low    
Version: 5.5CC: borgan, dpal, jplans, rcritten
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: krb5-1.6.1-51.el5 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 627022 Environment:
Last Closed: 2011-01-13 23:53:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 627022    
Bug Blocks:    

Description Nalin Dahyabhai 2010-08-24 22:10:36 UTC 
+++ This bug was initially created as a clone of Bug #627022 +++

Description of problem:

There are two occurences of this line in src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c lines 2085 and 2142:

    if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) {

KDB_PRINC_EXPIRE_TIME_ATTR is defined as 0x80, it will never == 1.

This is causing the krbPwdExpiration attribute to be ignored.

Version-Release number of selected component (if applicable):

krb5-server-1.8.2-3.fc14.x86_64
Comment 4 errata-xmlrpc 2011-01-13 23:53:20 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0098.html