Hide Forgot
Created attachment 1158197 [details] kickstart file Description of problem: The "Lock Account" check-box for node account can not be disabled in cockpit Version-Release number of selected component (if applicable): rhev-hypervisor7-ng-20160516.0.el7 imgbased-0.6-0.1.el7ev.noarch ovirt-hosted-engine-setup-1.3.6.1-1.el7ev.noarch ovirt-host-deploy-1.4.1-1.el7ev.noarch ovirt-hosted-engine-ha-1.3.5.5-1.el7ev.noarch How reproducible: 100% Steps to Reproduce: 1. Automatic install machine with kickstart file in attachment key command user --name=node --password=redhat --plaintext user --name=weiwang --password=qweasd --plaintext 2. Login cockpit website with root account 3. Go to Account table, and select "node" account 4. Disable the check-box "Lock Account" 5. Check the status of step 4 Actual results: The "Lock Account" check-box can not be disabled Expected results: The "Lock Account" check-box can be disabled from cockpit Additional info:
The kickstart does not contain the user --name=node directive. Please retry with teh correct kickstart. In addition please also provide a screenshot.
Created attachment 1158204 [details] update ks file Update kickstart file.
hi Fabian The issue is a dynamic process, when you click the check-box to unlock, the tick disappeared, but after 1~2 seconds the tick is appeared automatically. The issue screenshot can not be caught easily.
Please describe the goal here. Why would one disable this check-box? As it stands this seems like an enhancement rather than a bug.
With cockpit: Firstly, if login with node, login failed, after install ngn host Secondly, login with root, the "node" account is displayed. When entering node, the check-box status is operable. So it should be enabled/disabled by end-user. so I think: If node should not be unlocked by end-user, node account should be hidden for cockpit, or make the status for this check-box to disabled. I also have some confusing,node is automatically produced after install ngn host, what is the function of node in cockpit? What can we do using this account?
Cannot reproduce. Could you attach your /etc/shadow and /etc/passwd files before you try the unlock? And again after the unlock? We have a workaround for this in place, but in your case it doesn't seem to be taking effect. So I'd like to see the /etc/shadow and /etc/passwd files. This is very likely a duplicate of: https://bugzilla.redhat.com/show_bug.cgi?id=853153 Fedora bug: https://bugzilla.redhat.com/show_bug.cgi?id=1142234 In addition: https://github.com/cockpit-project/cockpit/issues/1216 Stackoverflow issue: http://unix.stackexchange.com/questions/109314/two-ways-to-lock-a-password-but-only-one-to-unlock
Attach the /etc/shadow and /etc/passwd files before or after unlock in the attachment.
Created attachment 1171809 [details] passwd before unlock
Created attachment 1171810 [details] shadow before unlock
Created attachment 1171811 [details] passwd after unlock
Created attachment 1171812 [details] shadow after unlock
This is a system bug. The following command has the same behavior: $ sudo usermod node --unlock The above command is what Cockpit uses to unlock the account. It results in removing one of the exclamation points from /etc/shadow. This is being fixed in Fedora and hopefully soon RHEL. Marking a duplicate. *** This bug has been marked as a duplicate of bug 853153 ***