#2534 [RFE] Lock out ssh keys when account naturally expires
Closed: Fixed None Opened 7 years ago by mkosek.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1173198

Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.

This is a follow up to #2364. Original patch locked out user from accessing machine via SSH if an account was administratively locked (pwdAccountLockedTime set to 000001010000Z) in the OpenLDAP Password Policy overlay. This works fine.

However, there is also a request for this functionality if user password is locked out from natural reasons (too many attempts, expired password). In this case, pwdAccountLockedTime is also set, to the time of lock out (this would probably need to be compared with pwdLockoutDuration).

Fields changed

blockedby: =>
blocking: =>
changelog: =>
coverity: =>
design: =>
design_review: => 0
feature_milestone: =>
fedora_test_page: =>
mark: no => 0
owner: somebody => preichl
review: True => 0
selected: =>
testsupdated: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.12.4

Fields changed

patch: 0 => 1

Moving tickets that didn't make the 1.12.4 release to 1.12.5

milestone: SSSD 1.12.4 => SSSD 1.12.5

resolution: => fixed
status: new => closed

Metadata Update from @mkosek:
- Issue assigned to preichl
- Issue set to the milestone: SSSD 1.12.5

5 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3576

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.