+++ This bug was initially created as a clone of Bug #627022 +++ Description of problem: There are two occurences of this line in src/plugins/kdb/ldap/libkdb_ldap/ldap_misc.c lines 2085 and 2142: if ((mask & KDB_PRINC_EXPIRE_TIME_ATTR) == 1) { KDB_PRINC_EXPIRE_TIME_ATTR is defined as 0x80, it will never == 1. This is causing the krbPwdExpiration attribute to be ignored. Version-Release number of selected component (if applicable): krb5-server-1.8.2-3.fc14.x86_64
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0098.html