Bug 985013 - ERROR: Pre-Encoded passwords are not valid when changing password using ipa user-mod
ERROR: Pre-Encoded passwords are not valid when changing password using ipa u...
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: 389-ds-base (Show other bugs)
7.0
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Rich Megginson
Sankar Ramalingam
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2013-07-16 10:50 EDT by Xiyang Dong
Modified: 2015-01-21 15:17 EST (History)
9 users (show)

See Also:
Fixed In Version: 389-ds-base-1.3.1.3-1.el7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-13 09:06:46 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Xiyang Dong 2013-07-16 10:50:11 EDT
Description of problem:

[root@rhel7 forms-cli]# ipa user-add one
First name: one
Last name: one
----------------
Added user "one"
----------------
  User login: one
  First name: one
  Last name: one
  Full name: one one
  Display name: one one
  Initials: oo
  Home directory: /home/one
  GECOS field: one one
  Login shell: /bin/sh
  Kerberos principal: one@TESTRELM.COM
  Email address: one@testrelm.com
  UID: 1888200136
  GID: 1888200136
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
[root@rhel7 forms-cli]# ipa user-mod one --password
Password: 
Enter Password again to verify: 
ipa: ERROR: Constraint violation: Pre-Encoded passwords are not valid

ipa passwd works fine.
[root@rhel7 forms-cli]# ipa passwd one
New Password: 
Enter New Password again to verify: 
---------------------------------------
Changed password for "one@TESTRELM.COM"
---------------------------------------

Version-Release number of selected component (if applicable):
ipa-server-3.2.1-1.el7.x86_64

How reproducible:
Always

Steps to Reproduce:
1.create a user
2.change user password using ipa user-mod --password

Actual results:

ipa: ERROR: Constraint violation: Pre-Encoded passwords are not valid

Expected results:

password changed successfully

Additional info:
Comment 1 Martin Kosek 2013-07-16 11:03:17 EDT
Alexander or Simo, isn't this related to DS issue you were investigating last week?
Comment 3 Martin Kosek 2013-07-16 11:28:28 EDT
I saw a comment from Alexander that this should be fixed in 389-ds-base 1.3.1.3, at least in Fedora 19.

Moving to 389-ds-base component so that they can close this when the fix is in RHEL-7.0 as well.
Comment 4 Alexander Bokovoy 2013-07-16 11:40:35 EDT
Yes, it should be fixed by 389-ds-base 1.3.1.3, at least in Fedora 19.
Comment 5 Nathan Kinder 2013-07-18 14:37:17 EDT
Upstream ticket:
https://fedorahosted.org/389/ticket/47419
Comment 6 Xiyang Dong 2013-08-19 10:27:52 EDT
Verified.

Version : ipa-server-3.2.2-1.el7.x86_64


Automated Test Results :
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: ipa-user-cli-mod-bugzilla-002:bz985013 Pre-Encoded passwords are not valid when changing password using ipa user-mod
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

spawn /usr/bin/kinit -V admin
Using new cache: :/run/user/0/krb5cc/tkt0WekZn
Using principal: admin@TESTRELM.COM
Password for admin@TESTRELM.COM: 
Authenticated to Kerberos v5
Default principal: admin@TESTRELM.COM
:: [ 10:18:41 ] ::  kinit as admin with password Secret123 was successful.
---------------------
Added user "bz985013"
---------------------
  User login: bz985013
  First name: bz985013
  Last name: bz985013
  Full name: bz985013 bz985013
  Display name: bz985013 bz985013
  Initials: bb
  Home directory: /home/bz985013
  GECOS field: bz985013 bz985013
  Login shell: /bin/sh
  Kerberos principal: bz985013@TESTRELM.COM">bz985013@TESTRELM.COM
  Email address: bz985013@testrelm.com">bz985013@testrelm.com
  UID: 1483200932
  GID: 1483200932
  Password: False
  Member of groups: ipausers
  Kerberos keys available: False
:: [ 10:18:42 ] ::  Running ipa user-mod with password option :echo bz985013 | ipa user-mod bz985013 --password | grep 'Password: True'
  Password: True
:: [   PASS   ] :: make sure ipa user-mode works for changing user's password
-----------------------
Deleted user "bz985013"
-----------------------
Comment 7 Ludek Smid 2014-06-13 09:06:46 EDT
This request was resolved in Red Hat Enterprise Linux 7.0.

Contact your manager or support representative in case you have further questions about the request.

Note You need to log in before you can comment on or make changes to this bug.