#2924 Incorrect mapping for locked vs expired accounts with the krb provider
Closed: Fixed None Opened 4 years ago by simo.

Currently the krb provider maps KRB5KDC_ERR_CLIENT_REVOKED as ERR_ACCOUNT_EXPIRED.
This is incorrect as KRB5KDC_ERR_CLIENT_REVOKED is returned by the KDC when an acount lockut is in effect.
When an account is expired the kdc returns KRB5KDC_ERR_NAME_EXP.

Fields changed

patch: 0 => 1

Fields changed

owner: somebody => simo

Fields changed

rhbz: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha

resolution: => fixed
status: new => closed

Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: SSSD 1.14 alpha

2 years ago

Login to comment on this ticket.