Bug 1289505 - ipa pwpolicy-show deserves better error message
ipa pwpolicy-show deserves better error message
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: IPA Maintainers
Namita Soman
Depends On:
  Show dependency treegraph
Reported: 2015-12-08 05:55 EST by Abhijeet Kasurde
Modified: 2016-01-04 13:01 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-01-04 13:01:10 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Abhijeet Kasurde 2015-12-08 05:55:28 EST
Description of problem:
If non-admin user performs pwpolicy-show operation, then command returns following error 

# ipa pwpolicy-show
ipa: ERROR: None: password policy not found

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:

# echo Secret123 | kinit admin
Password for admin@TESTRELM.TEST: 
# echo Passw0rd1 | ipa user-add --first abc --last abc abc --password
Added user "abc"
  User login: abc
  First name: abc
  Last name: abc
  Full name: abc abc
  Display name: abc abc
  Initials: aa
  Home directory: /home/abc
  GECOS: abc abc
  Login shell: /bin/sh
  Kerberos principal: abc@TESTRELM.TEST
  Email address: abc@testrelm.test
  UID: 327400005
  GID: 327400005
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
# kinit abc
Password for abc@TESTRELM.TEST: 
Password expired.  You must change it now.
Enter new password: 
Enter it again: 
Password mismatch.  Please try again.
Enter new password: 
Enter it again: 
# ipa pwpolicy-show
ipa: ERROR: None: password policy not found

Actual results:
Error message "ipa: ERROR: None: password policy not found"

Expected results:
Error message should be similar to "Check your permissions" or "Insufficient access: Insufficient 'delete' privilege to delete the entry "

Additional info:
same case goes with ipa pwpolicy-mod
Comment 1 Petr Vobornik 2015-12-08 08:08:53 EST
IMO it is not a bug. 

Printing the message would show which policies are there. IPA framework doesn't have any additional rights than the user so it doesn't know which policies are there.
Comment 2 Petr Vobornik 2016-01-04 13:01:10 EST
closing, see comment 1

Note You need to log in before you can comment on or make changes to this bug.