Bug 804096 - Password Policy Failure Interval Reset is not working.
Password Policy Failure Interval Reset is not working.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.3
Unspecified Unspecified
high Severity high
: rc
: ---
Assigned To: Rob Crittenden
IDM QE LIST
: Regression
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-03-16 10:31 EDT by Jenny Galipeau
Modified: 2012-06-20 09:21 EDT (History)
1 user (show)

See Also:
Fixed In Version: ipa-2.2.0-8.el6
Doc Type: Bug Fix
Doc Text:
No documentation needed.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-06-20 09:21:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jenny Galipeau 2012-03-16 10:31:55 EDT
Description of problem:

--failinterval=INT  Period after which failure count will be reset (seconds)

Failure counter is not getting reset after interval period ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname: [user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [10]
:: [   PASS   ] :: Interval value correct [10]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Sleeping for 10 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [2] Expected: [1] 
:: [   LOG    ] :: Duration: 46s
:: [   LOG    ] :: Assertions: 12 good, 1 bad
:: [   FAIL   ] :: RESULT: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname: [user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [30]
:: [   PASS   ] :: Interval value correct [30]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [1]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [2]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleeping for 30 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [3] Expected: [1] 
:: [   LOG    ] :: Duration: 1m 9s
:: [   LOG    ] :: Assertions: 14 good, 1 bad
:: [   FAIL   ] :: RESULT: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Group Failures Policy Enforcement - Failure Interval
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleep for interval duration
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [3] Expected: [1] 
:: [   LOG    ] :: Duration: 27s
:: [   LOG    ] :: Assertions: 8 good, 1 bad
:: [   FAIL   ] :: RESULT: Group Failures Policy Enforcement - Failure Interval


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. already automated see description
2.
3.
  
Actual results:
user failure counter to be reset after interval

Expected results:
failure counter not being reset after interval

Additional info:
Comment 2 Dmitri Pal 2012-03-16 17:57:31 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2540
Comment 3 Rob Crittenden 2012-03-29 18:03:15 EDT
Fixed upstream.

master: 56fa06fec4a841664f3ad6cbfb97979320c9bfd2

ipa-2-2: 27ae10df9fab03aef72dd79eb0e67b02021f8982
Comment 6 Jenny Galipeau 2012-04-09 15:04:08 EDT
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname: [user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [10]
:: [   PASS   ] :: Interval value correct [10]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Sleeping for 10 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Duration: 49s
:: [   LOG    ] :: Assertions: 13 good, 0 bad
:: [   PASS   ] :: RESULT: Failue Interval - before and after interval expiration - 10 second interval - 1 bad attempt

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname: [user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [30]
:: [   PASS   ] :: Interval value correct [30]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [1]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval not expired. Attempt [2]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleeping for 30 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached - interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Duration: 1m 14s
:: [   LOG    ] :: Assertions: 15 good, 0 bad
:: [   PASS   ] :: RESULT: Failure Interval - before and after interval expiration - 30 second interval - 2 bad attempts

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: Group Failures Policy Enforcement - Failure Interval
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleep for interval duration
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Duration: 29s
:: [   LOG    ] :: Assertions: 9 good, 0 bad
:: [   PASS   ] :: RESULT: Group Failures Policy Enforcement - Failure Interval


version ::
ipa-server-2.2.0-8.el6.x86_64
Comment 8 Martin Kosek 2012-04-25 05:19:05 EDT
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
No documentation needed.
Comment 10 errata-xmlrpc 2012-06-20 09:21:26 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-0819.html

Note You need to log in before you can comment on or make changes to this bug.