RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 785864 - Users Failed Login attempts are not iterating the counter
Summary: Users Failed Login attempts are not iterating the counter
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.3
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: IDM QE LIST
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2012-01-30 19:42 UTC by Jenny Severance
Modified: 2012-06-20 13:31 UTC (History)
1 user (show)

Fixed In Version: ipa-2.2.0-1.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Clone Of:
Environment:
Last Closed: 2012-06-20 13:31:48 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2012:0819 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2012-06-19 20:34:17 UTC

Description Jenny Severance 2012-01-30 19:42:37 UTC 
Description of problem:


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Verify Failure Counter Iteration
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0] Expected: [1] 
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0] Expected: [2] 
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0] Expected: [3] 
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0] Expected: [4] 
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0] Expected: [5] 
:: [   LOG    ] :: Duration: 23s
:: [   LOG    ] :: Assertions: 10 good, 5 bad
:: [   FAIL   ] :: RESULT: Verify Failure Counter Iteration

# kinit jenny
Password for jenny: 
kinit: Password incorrect while getting initial credentials


# ipa user-show --all jenny
  dn: uid=jenny,cn=users,cn=accounts,dc=testrelm,dc=com
  User login: jenny
  First name: Jenny
  Last name: Galipeau
  Full name: Jenny Galipeau
  Display name: Jenny Galipeau
  Initials: JG
  Home directory: /home/jenny
  GECOS field: Jenny Galipeau
  Login shell: /bin/sh
  Kerberos principal: jenny
  UID: 809400167
  GID: 809400167
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 3c26ebd2-4b51-11e1-8ed9-525400d5df12
  krbextradata: AAJM8CZPa2FkbWluZEBURVNUUkVMTS5DT00A
  krblastpwdchange: 20120130193228Z
  krbloginfailedcount: 0   <================================================
  krbpasswordexpiration: 20120429193228Z
  krbpwdpolicyreference: cn=global_policy,cn=TESTRELM.COM,cn=kerberos,dc=testrelm,dc=com
  krbticketflags: 128
  mepmanagedentry: cn=jenny,cn=groups,cn=accounts,dc=testrelm,dc=com
  objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, mepOriginEntry


# ssh -l jenny localhost
jenny@localhost's password: 
Permission denied, please try again.
jenny@localhost's password: 
Permission denied, please try again.
jenny@localhost's password: 
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

# ipa user-show --all jenny
  dn: uid=jenny,cn=users,cn=accounts,dc=testrelm,dc=com
  User login: jenny
  First name: Jenny
  Last name: Galipeau
  Full name: Jenny Galipeau
  Display name: Jenny Galipeau
  Initials: JG
  Home directory: /home/jenny
  GECOS field: Jenny Galipeau
  Login shell: /bin/sh
  Kerberos principal: jenny
  UID: 809400167
  GID: 809400167
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 3c26ebd2-4b51-11e1-8ed9-525400d5df12
  krbextradata: AAJM8CZPa2FkbWluZEBURVNUUkVMTS5DT00A
  krblastpwdchange: 20120130193228Z
  krbloginfailedcount: 0  <===================================================
  krbpasswordexpiration: 20120429193228Z
  krbpwdpolicyreference: cn=global_policy,cn=TESTRELM.COM,cn=kerberos,dc=testrelm,dc=com
  krbticketflags: 128
  mepmanagedentry: cn=jenny,cn=groups,cn=accounts,dc=testrelm,dc=com
  objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, mepOriginEntry

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-101.20120127T0607zgit6863b8f.el6.x86_64

How reproducible:


Steps to Reproduce:
1. see description
2.
3.
  
Actual results:
This is a regression

Expected results:


Additional info:
Comment 1 Martin Kosek 2012-01-31 16:11:06 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2334
Comment 2 Rob Crittenden 2012-02-16 20:42:55 UTC 
Fixed upstream

master: 651f9324735d0680c6a56246616932459e15b99d

ipa-2-2: 5a087e65e24090ee35153ca183206b2d97748c3a
Comment 5 Jenny Severance 2012-03-12 18:56:04 UTC 
verified ::



::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Verify Failure Counter Iteration
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

spawn /usr/bin/kinit -V user1
Using default cache: /tmp/krb5cc_0
Using principal: user1
Password for user1: 
kinit: Password incorrect while getting initial credentials
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
:: [14:41:14] ::  ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
kdestroy: No credentials cache found while destroying cache
spawn /usr/bin/kinit -V admin
Using default cache: /tmp/krb5cc_0
Using principal: admin
Password for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [14:41:16] ::  kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
spawn /usr/bin/kinit -V user1
Using default cache: /tmp/krb5cc_0
Using principal: user1
Password for user1: 
kinit: Password incorrect while getting initial credentials
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
:: [14:41:21] ::  ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
kdestroy: No credentials cache found while destroying cache
spawn /usr/bin/kinit -V admin
Using default cache: /tmp/krb5cc_0
Using principal: admin
Password for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [14:41:22] ::  kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
spawn /usr/bin/kinit -V user1
Using default cache: /tmp/krb5cc_0
Using principal: user1
Password for user1: 
kinit: Password incorrect while getting initial credentials
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
:: [14:41:27] ::  ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
kdestroy: No credentials cache found while destroying cache
spawn /usr/bin/kinit -V admin
Using default cache: /tmp/krb5cc_0
Using principal: admin
Password for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [14:41:29] ::  kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [3]
spawn /usr/bin/kinit -V user1
Using default cache: /tmp/krb5cc_0
Using principal: user1
Password for user1: 
kinit: Password incorrect while getting initial credentials
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
:: [14:41:34] ::  ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
kdestroy: No credentials cache found while destroying cache
spawn /usr/bin/kinit -V admin
Using default cache: /tmp/krb5cc_0
Using principal: admin
Password for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [14:41:35] ::  kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [4]
spawn /usr/bin/kinit -V user1
Using default cache: /tmp/krb5cc_0
Using principal: user1
Password for user1: 
kinit: Password incorrect while getting initial credentials
klist: No credentials cache found (ticket cache FILE:/tmp/krb5cc_0)
:: [14:41:40] ::  ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
kdestroy: No credentials cache found while destroying cache
spawn /usr/bin/kinit -V admin
Using default cache: /tmp/krb5cc_0
Using principal: admin
Password for admin: 
Authenticated to Kerberos v5
Default principal: admin
:: [14:41:42] ::  kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [5]


version ::

ipa-server-2.2.0-3.el6.x86_64
Comment 7 Martin Kosek 2012-04-24 11:33:19 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 9 errata-xmlrpc 2012-06-20 13:31:48 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html
Note You need to log in before you can comment on or make changes to this bug.