| Summary: | Password Policy Failure Counter Stops working, max failures never reached and user never gets locked out | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 6 | Reporter: | Jenny Severance <jgalipea> |
| Component: | ipa | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED NOTABUG | QA Contact: | IDM QE LIST <seceng-idm-qe-list> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | high | ||
| Version: | 6.3 | CC: | mkosek |
| Target Milestone: | rc | Keywords: | Regression |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-04-20 11:35:56 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Jenny Severance
2012-04-09 19:09:44 UTC
I'm not able to reproduce this. Can you provide more information on what the current password policy is? Here is a better log of events ... showing the password policy settings :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Max Failures reached and users credentials revoked :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: spawn /usr/bin/kinit -V admin Using default cache: /tmp/krb5cc_0 Using principal: admin Password for admin: Authenticated to Kerberos v5 Default principal: admin :: [11:49:31] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' Group: global_policy Max lifetime (days): 90 Min lifetime (hours): 1 History size: 0 Character classes: 0 Min length: 8 Max failures: 3 Failure reset interval: 60 Lockout duration: 600 :: [ PASS ] :: Setting maxfail to value of [3] :: [ PASS ] :: Max failures correct [3] spawn /usr/bin/kinit -V user1 Using default cache: /tmp/krb5cc_0 Using principal: user1 Password for user1: kinit: Password incorrect while getting initial credentials klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) :: [11:49:43] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with invalid password. Attempt [1] kdestroy: No credentials cache found while destroying cache spawn /usr/bin/kinit -V user1 Using default cache: /tmp/krb5cc_0 Using principal: user1 Password for user1: kinit: Password incorrect while getting initial credentials klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) :: [11:49:45] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with invalid password. Attempt [2] kdestroy: No credentials cache found while destroying cache spawn /usr/bin/kinit -V user1 Using default cache: /tmp/krb5cc_0 Using principal: user1 Password for user1: kinit: Password incorrect while getting initial credentials klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0) :: [11:49:46] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with invalid password. Attempt [3] kdestroy: No credentials cache found while destroying cache spawn /usr/bin/kinit -V admin Using default cache: /tmp/krb5cc_0 Using principal: admin Password for admin: Authenticated to Kerberos v5 Default principal: admin :: [11:49:48] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ FAIL ] :: User's failed counter is NOT as expected. Got: [1] Expected: [3] :: [ FAIL ] :: Kinit as user with valid password. Max failures reached (Expected 1, got 0) :: [ FAIL ] :: File '/tmp/kinitrevoked.txt' should contain 'Clients credentials have been revoked while getting initial credentials' '0a86d246-1002-4043-b102-5600ca6ad06d' Max-Failures-reached-and-users-credentials-revoked result: FAIL Upstream ticket: https://fedorahosted.org/freeipa/ticket/2639 I believe this may be a timing issue with my tests and the time outs. I am probably going to close this as not a bug ... but want to wait until I am sure. This is due to interval timeouts before test is complete, fixing tests and closing not a bug |