#1890 SSSD doesn't display warning for last grace login.
Closed: Fixed None Opened 7 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 954323

Description of problem:
If Password expiration policy is set in Directory Server, SSSD doesn't display
any warning for last grace login attempt.

Version-Release number of selected component (if applicable):
SSSD

How reproducible:


Steps to Reproduce:
1.Enable password policy in Directory Server.
2.Set the number of grace login in password policy to 3
3.Expire a user password ( by setting password Expiration Time)
4.Try to login as the user 3 times.

For example :-
-------
1. 1st Attempt
# ssh -l testuser localhost
testuser@localhost's password:
Your password has expired. You have 2 grace login(s) remaining.

2. 2nd Attempt
# ssh -l testuser localhost
testuser@localhost's password:
Your password has expired. You have 1 grace login(s) remaining.

3. 3rd Attempt (last attempt without any warning message)
# ssh -l testuser localhost
testuser@localhost's password:
Last login: Sat Apr 20 18:37:04 2013 from localhost
-------

Actual results:
SSSD prints grace login warning if the grace login is 1 or above. It doesn't
print warning for last attempt (0).

Expected results:
SSSD should print grace login warning for last attempt (0).

For example :-
-------
 "Your password has expired. You have 0 grace login(s) remaining"
-------

Additional info:

I have a candidate fix I gave to the GSS engineer working on this customer case.

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => jhrozek
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta

resolution: => fixed
status: new => closed

Fields changed

changelog: => When grace warnings were enabled on a 389DS/RHDS LDAP server, the SSSD didn't display the last grace warning due to a off-by-one comparison bug.

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.10 beta

3 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/2932

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.

Metadata