#1638 password expiry warning message doesn't appear during auth
Closed: Fixed None Opened 7 years ago by pbrezina.

https://bugzilla.redhat.com/show_bug.cgi?id=875677 (Red Hat Enterprise Linux 6)

Description of problem:
password expiry warning message doesn't appear during auth

Version-Release number of selected component (if applicable):
1.9.2-7

How reproducible:
Always

Steps to Reproduce:
1. Enable password expired warning interval on the 389-ds server as:
    dn: cn=config
    changetype: modify
    add: passwordExp
    passwordExp: on
    -
    add: passwordMaxAge
    passwordMaxAge: 86400
    -
    add: passwordWarning
    passwordWarning: 86400

2. Change the user's password once:
# ssh -l puser1 localhost
puser1@localhost's password:
Last login: Mon Nov 12 13:38:30 2012 from localhost
-sh-4.1$ passwd
Changing password for user puser1.
Current Password:
New password:
Retype new password:
passwd: all authentication tokens updated successfully.
-sh-4.1$ logout

3. Try to auth with the changed password:
# ssh -l puser1 localhost
puser1@localhost's password:
Last login: Mon Nov 12 16:22:24 2012 from localhost
-sh-4.1$


Actual results:
Password Expiry warning message doesn't appear during auth

Expected results:
Password expiry warning message should appear during auth.

Additional info:
/var/log/sssd/sssd_LDAP.log shows:
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server
returned control [1.3.6.1.4.1.42.2.27.8.5.1].
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password Policy Response: expire [86400] grace [-1] error [No error].
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password will expire in [86400] seconds.
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x2000): Server
returned control [2.16.840.1.113730.3.4.5].
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x1000):
Password will expire in [86400] seconds.
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [simple_bind_done] (0x0400): Bind
result: Success(0), no errmsg set
(Sun Nov 11 22:37:20 2012) [sssd[be[LDAP]]] [auth_bind_user_done] (0x4000):
Found ppolicy data, assuming LDAP password policies are active.

/var/log/secure shows:
Nov 11 22:37:20 dhcp201-200 sshd[29978]: pam_unix(sshd:auth): authentication
failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost  user=puser1
Nov 11 22:37:20 dhcp201-200 sshd[29978]: pam_sss(sshd:auth): authentication
success; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost user=puser1
Nov 11 22:37:20 dhcp201-200 sshd[29978]: Accepted password for puser1 from ::1
port 35159 ssh2
Nov 11 22:37:21 dhcp201-200 sshd[29978]: pam_unix(sshd:session): session opened
for user puser1 by (uid=0)

Fields changed

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
milestone: NEEDS_TRIAGE => SSSD 1.9.3
testsupdated: => 0

Fields changed

owner: somebody => pbrezina
status: new => assigned

Fields changed

patch: 0 => 1

resolution: => fixed
status: assigned => closed

Metadata Update from @pbrezina:
- Issue assigned to pbrezina
- Issue set to the milestone: SSSD 1.9.3

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2680

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata