Bug 804096

Summary: Password Policy Failure Interval Reset is not working.
Product: Red Hat Enterprise Linux 6 Reporter: Jenny Severance <jgalipea>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: IDM QE LIST <seceng-idm-qe-list>
Severity: high Docs Contact:
Priority: high    
Version: 6.3CC: mkosek
Target Milestone: rcKeywords: Regression
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-2.2.0-8.el6 Doc Type: Bug Fix
Doc Text:
No documentation needed.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-06-20 13:21:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Jenny Severance 2012-03-16 14:31:55 UTC 
Description of problem:

--failinterval=INT  Period after which failure count will be reset (seconds)

Failure counter is not getting reset after interval period ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname: [user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [10]
:: [   PASS   ] :: Interval value correct [10]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Sleeping for 10 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [2] Expected: [1] 
:: [   LOG    ] :: Duration: 46s
:: [   LOG    ] :: Assertions: 12 good, 1 bad
:: [   FAIL   ] :: RESULT: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname: [user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [30]
:: [   PASS   ] :: Interval value correct [30]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [1]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [2]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleeping for 30 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [3] Expected: [1] 
:: [   LOG    ] :: Duration: 1m 9s
:: [   LOG    ] :: Assertions: 14 good, 1 bad
:: [   FAIL   ] :: RESULT: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Group Failures Policy Enforcement - Failure Interval
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleep for interval duration
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [3] Expected: [1] 
:: [   LOG    ] :: Duration: 27s
:: [   LOG    ] :: Assertions: 8 good, 1 bad
:: [   FAIL   ] :: RESULT: Group Failures Policy Enforcement - Failure Interval


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. already automated see description
2.
3.
  
Actual results:
user failure counter to be reset after interval

Expected results:
failure counter not being reset after interval

Additional info:
Comment 2 Dmitri Pal 2012-03-16 21:57:31 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2540
Comment 3 Rob Crittenden 2012-03-29 22:03:15 UTC 
Fixed upstream.

master: 56fa06fec4a841664f3ad6cbfb97979320c9bfd2

ipa-2-2: 27ae10df9fab03aef72dd79eb0e67b02021f8982
Comment 6 Jenny Severance 2012-04-09 19:04:08 UTC 
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname: [user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [10]
:: [   PASS   ] :: Interval value correct [10]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Sleeping for 10 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Duration: 49s
:: [   LOG    ] :: Assertions: 13 good, 0 bad
:: [   PASS   ] :: RESULT: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname: [user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [30]
:: [   PASS   ] :: Interval value correct [30]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [1]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [2]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleeping for 30 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Duration: 1m 14s
:: [   LOG    ] :: Assertions: 15 good, 0 bad
:: [   PASS   ] :: RESULT: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Group Failures Policy Enforcement - Failure Interval
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleep for interval duration
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Duration: 29s
:: [   LOG    ] :: Assertions: 9 good, 0 bad
:: [   PASS   ] :: RESULT: Group Failures Policy Enforcement - Failure Interval


version ::
ipa-server-2.2.0-8.el6.x86_64
Comment 8 Martin Kosek 2012-04-25 09:19:05 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 10 errata-xmlrpc 2012-06-20 13:21:26 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html