Bug 627039
Summary: | Incorrect handling of password expiration | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Nalin Dahyabhai <nalin> |
Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.0 | CC: | dpal, fnadge, jplans, rcritten |
Target Milestone: | rc | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | krb5-1.9-1.el6 | Doc Type: | Bug Fix |
Doc Text: |
This field is the basis of the errata or release note for this bug. It can also be used for change logs.
The Technical Note template, known as CCFR, is as follows:
Cause
When reading a principal entry from a directory server, the LDAP kdb plugin would fail to correctly heed of an explicit password expiration time stored in the principal entry.
Consequence
If a password lifetime was set as part of a password aging policy which applied to the entry, then any password expiration time stored in the principal entry itself would be ignored in favor of the value calculated based on policy's password lifetime and the date the entry's password was last changed.
|
Story Points: | --- |
Clone Of: | 627022 | Environment: | |
Last Closed: | 2011-05-19 13:11:51 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 627022 | ||
Bug Blocks: |
Description
Nalin Dahyabhai
2010-08-24 22:10:41 UTC
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: This field is the basis of the errata or release note for this bug. It can also be used for change logs. The Technical Note template, known as CCFR, is as follows: Cause What actions or circumstances cause this bug to present. Consequence What happens when the bug presents. Fix What was done to fix the bug. Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -3,8 +3,6 @@ The Technical Note template, known as CCFR, is as follows: Cause - What actions or circumstances cause this bug to present. + When reading a principal entry from a directory server, the LDAP kdb plugin would fail to correctly heed of an explicit password expiration time stored in the principal entry. Consequence - What happens when the bug presents. + If a password lifetime was set as part of a password aging policy which applied to the entry, then any password expiration time stored in the principal entry itself would be ignored in favor of the value calculated based on policy's password lifetime and the date the entry's password was last changed.-Fix - What was done to fix the bug. An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0571.html |