#1890 SSSD doesn't display warning for last grace login.
Closed: Fixed None Opened 6 years ago by jhrozek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 954323

Description of problem:
If Password expiration policy is set in Directory Server, SSSD doesn't display
any warning for last grace login attempt.

Version-Release number of selected component (if applicable):
SSSD

How reproducible:


Steps to Reproduce:
1.Enable password policy in Directory Server.
2.Set the number of grace login in password policy to 3
3.Expire a user password ( by setting password Expiration Time)
4.Try to login as the user 3 times.

For example :-
-------
1. 1st Attempt
# ssh -l testuser localhost
testuser@localhost's password:
Your password has expired. You have 2 grace login(s) remaining.

2. 2nd Attempt
# ssh -l testuser localhost
testuser@localhost's password:
Your password has expired. You have 1 grace login(s) remaining.

3. 3rd Attempt (last attempt without any warning message)
# ssh -l testuser localhost
testuser@localhost's password:
Last login: Sat Apr 20 18:37:04 2013 from localhost
-------

Actual results:
SSSD prints grace login warning if the grace login is 1 or above. It doesn't
print warning for last attempt (0).

Expected results:
SSSD should print grace login warning for last attempt (0).

For example :-
-------
 "Your password has expired. You have 0 grace login(s) remaining"
-------

Additional info:

I have a candidate fix I gave to the GSS engineer working on this customer case.

blockedby: =>
blocking: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
owner: somebody => jhrozek
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

patch: 0 => 1

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.10 beta

resolution: => fixed
status: new => closed

Fields changed

changelog: => When grace warnings were enabled on a 389DS/RHDS LDAP server, the SSSD didn't display the last grace warning due to a off-by-one comparison bug.

Metadata Update from @jhrozek:
- Issue assigned to jhrozek
- Issue set to the milestone: SSSD 1.10 beta

2 years ago

Login to comment on this ticket.

Metadata