RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Description of problem:

Sometimes when logging into a remote machine using cockpit the user that is used to connect will have three failed sudo attempts which with our password policy results in locking the user.


Version-Release number of selected component (if applicable):
Cockpit version 238.2-1


How reproducible:
Always

Steps to Reproduce:
The issue can be reproduced 100% of the time with the following steps:

1.    Restart web browser
2.    Open private tab
3.    Navigate to cockpit
4.    Login
5.    Navigate to a different host through the cockpit menu
6.    Watch /var/log/secure to see that sudo had 3 failed login attempts

Actual results:
/var/log/secure to see that sudo had 3 failed login attempts and user is locked.

Expected results:
/var/log/secure should not show any sudo failed login attempts and user should not be locked.


Additional info:

Hello Apurbita,

The patch is appropriate for backporting to 8.6. It is a behaviour change, but I think a good one. However, for technical/procedural reasons we need to fix that in 8.7 first, and then clone the bug for z-stream. So I'll use *this* bz as the 8.7 target.

For additional context this is the same as the upstream cockpit issue:  https://github.com/cockpit-project/cockpit/issues/17169 
With the fix being committed here: https://github.com/cockpit-project/cockpit/pull/17196

(In reply to Martin Pitt from comment #2)
> Hello Apurbita,
> 
> The patch is appropriate for backporting to 8.6. It is a behaviour change,
> but I think a good one. However, for technical/procedural reasons we need to
> fix that in 8.7 first, and then clone the bug for z-stream. So I'll use
> *this* bz as the 8.7 target.
Is there any timeline for this bug being cloned for z-stream so that this can be backed into RHEL 8.6?

Sorry, I was on PTO. Requesting zstream? now.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (cockpit bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7718