Bug 489015 - pam_krb5 cannot offer to change expired password
pam_krb5 cannot offer to change expired password
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: pam_krb5 (Show other bugs)
5.3
All Linux
low Severity medium
: rc
: ---
Assigned To: Nalin Dahyabhai
BaseOS QE
:
Depends On:
Blocks: 490160
  Show dependency treegraph
 
Reported: 2009-03-06 13:45 EST by Casey Dahlin
Modified: 2014-06-18 04:46 EDT (History)
8 users (show)

See Also:
Fixed In Version: pam_krb5-2.2.14-15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2010-03-30 04:33:29 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
backported fix (5.17 KB, patch)
2009-03-06 14:22 EST, Nalin Dahyabhai
no flags Details | Diff

  None (edit)
Description Casey Dahlin 2009-03-06 13:45:54 EST
pam_krb5 doesn't allow the user to change an expired password. Instead an expired password always results in an authentication failure.

Patch included in IT
Comment 1 Nalin Dahyabhai 2009-03-06 14:21:34 EST
(In reply to comment #0)
> pam_krb5 doesn't allow the user to change an expired password. Instead an
> expired password always results in an authentication failure.

... if the KDC's database has been configured so that attempts to obtain password-changing credentials with the forwardable flag are disallowed.  It's allowed by default for better compatibility with multiple clients, which is why we haven't run into this before.
Comment 2 Nalin Dahyabhai 2009-03-06 14:22:44 EST
Created attachment 334341 [details]
backported fix
Comment 12 Chris Ward 2010-02-11 05:05:10 EST
~~ Attention Customers and Partners - RHEL 5.5 Beta is now available on RHN ~~

RHEL 5.5 Beta has been released! There should be a fix present in this 
release that addresses your request. Please test and report back results 
here, by March 3rd 2010 (2010-03-03) or sooner.

Upon successful verification of this request, post your results and update 
the Verified field in Bugzilla with the appropriate value.

If you encounter any issues while testing, please describe them and set 
this bug into NEED_INFO. If you encounter new defects or have additional 
patch(es) to request for inclusion, please clone this bug per each request
and escalate through your support representative.
Comment 15 errata-xmlrpc 2010-03-30 04:33:29 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2010-0258.html

Note You need to log in before you can comment on or make changes to this bug.