#1638 password expiry warning message doesn't appear during auth
Closed: Fixed None Opened 6 years ago by pbrezina.

https://bugzilla.redhat.com/show_bug.cgi?id=875677 (Red Hat Enterprise Linux 6)

Description of problem:
password expiry warning message doesn't appear during auth

Version-Release number of selected component (if applicable):
1.9.2-7

How reproducible:
Always

Steps to Reproduce:
1. Enable password expired warning interval on the 389-ds server as:
    dn: cn=config
    changetype: modify
    add: passwordExp
    passwordExp: on
    -
    add: passwordMaxAge
    passwordMaxAge: 86400
    -
    add: passwordWarning
    passwordWarning: 86400

2. Change the user's password once:
# ssh -l puser1 localhost
puser1@localhost's password:
Last login: Mon Nov 12 13:38:30 2012 from localhost
-sh-4.1$ passwd
Changing password for user puser1.
Current Password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
-sh-4.1$ logout

3. Try to auth with the changed password:
# ssh -l puser1 localhost
puser1@localhost's password:
Last login: Mon Nov 12 16:22:24 2012 from localhost
-sh-4.1$


Actual results:
Password Expiry warning message doesn't appear during auth

Expected results:
Password expiry warning message should appear during auth.

Additional info:
/var/log/sssd/sssd_LDAP.log shows:
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server
returned control [1.3.6.1.4.1.42.2.27.8.5.1].
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password Policy Response: expire [86400] grace [-1] error [No error].
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password will expire in [86400] seconds.
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server
returned control [2.16.840.1.113730.3.4.5].
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password will expire in [86400] seconds.
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x0400): Bind
result: Success(0), no errmsg set
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [auth_bind_user_done] (0x4000):
Found ppolicy data, assuming LDAP password policies are active.

/var/log/secure shows:
Nov 11 22:37:20 dhcp201-200 sshd[29978]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=puser1
Nov 11 22:37:20 dhcp201-200 sshd[29978]: pam_sss(sshd:auth): authentication
success; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=puser1
Nov 11 22:37:20 dhcp201-200 sshd[29978]: Accepted password for puser1 from ::1
port 35159 ssh2
Nov 11 22:37:21 dhcp201-200 sshd[29978]: pam_unix(sshd:session): session opened
for user puser1 by (uid=0)

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.9.3
testsupdated: => 0

Fields changed

owner: somebody => pbrezina
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.3

2 years ago

Login to comment on this ticket.

Metadata