Hide Forgot
Description of problem: ipa krbtpolicy-mod allows max life and renew life to be set to negative number. The help does not state whether or not this is valid or what behaviour to expect with a negative value. Version-Release number of selected component (if applicable): ipa-server-2.0-0.2011012121git8cc46af.fc14.i686 ipa-admintools-2.0-0.2011012121git8cc46af.fc14.i686 How reproducible: Steps to Reproduce: 1. kinit as admin 2. ipa krbtpolicy-mod --maxlife=-1 --maxrenew=-1 3. Actual results: successfully set values to negative numbers Expected results: ????? Additional info:
https://fedorahosted.org/freeipa/ticket/847
master: c24725ed38dd94c34e4327d1d8c5720d768dcd37
verified # ipa krbtpolicy-mod --maxlife=-1 ipa: ERROR: invalid 'maxlife': must be at least 1 # ipa krbtpolicy-mod --maxrenew=-1 ipa: ERROR: invalid 'maxrenew': must be at least 1 # rpm -qi ipa-server | head Name : ipa-server Relocations: (not relocatable) Version : 2.0.0 Vendor: Red Hat, Inc. Release : 23.el6 Build Date: Wed 20 Apr 2011 09:57:13 AM EDT Install Date: Thu 19 May 2011 12:47:52 PM EDT Build Host: x86-003.build.bos.redhat.com Group : System Environment/Base Source RPM: ipa-2.0.0-23.el6.src.rpm Size : 2565882 License: GPLv3+ Signature : RSA/8, Thu 21 Apr 2011 03:48:25 PM EDT, Key ID 199e2f91fd431d51 Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> URL : http://www.freeipa.org/ Summary : The IPA authentication server :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ipakrbt_mod_maxrenew_negative :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [16:10:48] :: set max renew life of kerberos ticket negative test case ipa: ERROR: invalid 'maxrenew': must be at least 1 :: [ PASS ] :: set maxrenew=[-1] for [ipakrbt] ipa: ERROR: invalid 'maxrenew': must be at least 1 :: [ PASS ] :: set maxlife=[-1] for global policy ipa: ERROR: invalid 'krbmaxrenewableage': must be an integer :: [ PASS ] :: set maxrenew=[a] for [ipakrbt] ipa: ERROR: invalid 'krbmaxrenewableage': must be an integer :: [ PASS ] :: set maxlife=[a] for global policy ipa: ERROR: invalid 'krbmaxrenewableage': must be an integer :: [ PASS ] :: set maxrenew=[ab] for [ipakrbt] ipa: ERROR: invalid 'krbmaxrenewableage': must be an integer :: [ PASS ] :: set maxlife=[ab] for global policy ipa: ERROR: invalid 'krbmaxrenewableage': must be an integer :: [ PASS ] :: set maxrenew=[abc] for [ipakrbt] ipa: ERROR: invalid 'krbmaxrenewableage': must be an integer :: [ PASS ] :: set maxlife=[abc] for global policy 'd9799244-bb84-4d63-aa05-2c65dfffd137' ipakrbt-mod-maxrenew-negative result: PASS metric: 0 Log: /tmp/beakerlib-1459142/journal.txt Info: Searching AVC errors produced since 1300824647.95 (Tue Mar 22 16:10:47 2011) Searching logs... Info: No AVC messages found. Writing to /mnt/testarea/tmp.PRpcnY : AvcLog: /mnt/testarea/tmp.PRpcnY