Description of problem: - How do i destroy the ipa_session by browser? - How do i destroy the ipa_session by api? Version-Release number of selected component (if applicable): 4.7.0 (ubuntu) Steps to Reproduce: 1. Login in the browser(or the api: login_password); 2. Get the ipa_session; 3. Logout from the account (by browser or api: session_logout(it worked in another version freeipa)); 4. I can still use the ipa_session further Actual results: I can still use the ipa_session further after logout Expected results: I cannot use the ipa_session further after logout
Please do not use bugzilla as a tool to discuss. Please use freeipa-users@ mailing list for general discussion. I am closing this as a duplicate of what was supposed to be a CVE-2019-14826 but was rejected. Please see reasons there. See also default.conf(5) man page for kinit_lifetime parameter. *** This bug has been marked as a duplicate of bug 1746944 ***