Hide Forgot
Description of problem: --failinterval=INT Period after which failure count will be reset (seconds) Failure counter is not getting reset after interval period :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ LOG ] :: create ipa user: [user1], firstname: [user1], lastname: [user1] password: [Secret123] :: [ PASS ] :: delete account [user1] :: [ LOG ] :: create ipa user: [user1], password: [Secret123] :: [ PASS ] :: add test user account :: [ LOG ] :: kinit as user1 with new password Secret123 was successful. :: [ PASS ] :: Creating a test user1 :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: Setting failinterval to value of [10] :: [ PASS ] :: Interval value correct [10] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval not expired :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [1] :: [ LOG ] :: Sleeping for 10 seconds :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval expired :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ FAIL ] :: User's failed counter is NOT as expected. Got: [2] Expected: [1] :: [ LOG ] :: Duration: 46s :: [ LOG ] :: Assertions: 12 good, 1 bad :: [ FAIL ] :: RESULT: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: create ipa user: [user1], firstname: [user1], lastname: [user1] password: [Secret123] :: [ PASS ] :: delete account [user1] :: [ LOG ] :: create ipa user: [user1], password: [Secret123] :: [ PASS ] :: add test user account :: [ LOG ] :: kinit as user1 with new password Secret123 was successful. :: [ PASS ] :: Creating a test user1 :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: Setting failinterval to value of [30] :: [ PASS ] :: Interval value correct [30] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [1] :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [1] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [2] :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [2] :: [ LOG ] :: Sleeping for 30 seconds :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval expired :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ FAIL ] :: User's failed counter is NOT as expected. Got: [3] Expected: [1] :: [ LOG ] :: Duration: 1m 9s :: [ LOG ] :: Assertions: 14 good, 1 bad :: [ FAIL ] :: RESULT: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Group Failures Policy Enforcement - Failure Interval :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ERROR: kinit as grpuser with password BADPWD failed. :: [ PASS ] :: Kinit as group policy user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [1] :: [ LOG ] :: ERROR: kinit as grpuser with password BADPWD failed. :: [ PASS ] :: Kinit as group policy user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [2] :: [ LOG ] :: Sleep for interval duration :: [ LOG ] :: ERROR: kinit as grpuser with password BADPWD failed. :: [ PASS ] :: Kinit as group policy user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ FAIL ] :: User's failed counter is NOT as expected. Got: [3] Expected: [1] :: [ LOG ] :: Duration: 27s :: [ LOG ] :: Assertions: 8 good, 1 bad :: [ FAIL ] :: RESULT: Group Failures Policy Enforcement - Failure Interval Version-Release number of selected component (if applicable): ipa-server-2.2.0-4.el6.x86_64 How reproducible: always Steps to Reproduce: 1. already automated see description 2. 3. Actual results: user failure counter to be reset after interval Expected results: failure counter not being reset after interval Additional info:
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2540
Fixed upstream. master: 56fa06fec4a841664f3ad6cbfb97979320c9bfd2 ipa-2-2: 27ae10df9fab03aef72dd79eb0e67b02021f8982
verified :: :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ LOG ] :: create ipa user: [user1], firstname: [user1], lastname: [user1] password: [Secret123] :: [ PASS ] :: delete account [user1] :: [ LOG ] :: create ipa user: [user1], password: [Secret123] :: [ PASS ] :: add test user account :: [ LOG ] :: kinit as user1 with new password Secret123 was successful. :: [ PASS ] :: Creating a test user1 :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: Setting failinterval to value of [10] :: [ PASS ] :: Interval value correct [10] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval not expired :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [1] :: [ LOG ] :: Sleeping for 10 seconds :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval expired :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [1] :: [ LOG ] :: Duration: 49s :: [ LOG ] :: Assertions: 13 good, 0 bad :: [ PASS ] :: RESULT: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: create ipa user: [user1], firstname: [user1], lastname: [user1] password: [Secret123] :: [ PASS ] :: delete account [user1] :: [ LOG ] :: create ipa user: [user1], password: [Secret123] :: [ PASS ] :: add test user account :: [ LOG ] :: kinit as user1 with new password Secret123 was successful. :: [ PASS ] :: Creating a test user1 :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: Setting failinterval to value of [30] :: [ PASS ] :: Interval value correct [30] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [1] :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [1] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [2] :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [2] :: [ LOG ] :: Sleeping for 30 seconds :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with valid password. Max failures reached - interval expired :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [1] :: [ LOG ] :: Duration: 1m 14s :: [ LOG ] :: Assertions: 15 good, 0 bad :: [ PASS ] :: RESULT: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: Group Failures Policy Enforcement - Failure Interval :::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: :: [ LOG ] :: ERROR: kinit as grpuser with password BADPWD failed. :: [ PASS ] :: Kinit as group policy user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [1] :: [ LOG ] :: ERROR: kinit as grpuser with password BADPWD failed. :: [ PASS ] :: Kinit as group policy user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [2] :: [ LOG ] :: Sleep for interval duration :: [ LOG ] :: ERROR: kinit as grpuser with password BADPWD failed. :: [ PASS ] :: Kinit as group policy user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ PASS ] :: User's failed counter is as expected: [1] :: [ LOG ] :: Duration: 29s :: [ LOG ] :: Assertions: 9 good, 0 bad :: [ PASS ] :: RESULT: Group Failures Policy Enforcement - Failure Interval version :: ipa-server-2.2.0-8.el6.x86_64
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: No documentation needed.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2012-0819.html