#2924 Incorrect mapping for locked vs expired accounts with the krb provider
Closed: Fixed None Opened 5 years ago by simo.

Currently the krb provider maps KRB5KDC_ERR_CLIENT_REVOKED as ERR_ACCOUNT_EXPIRED.
This is incorrect as KRB5KDC_ERR_CLIENT_REVOKED is returned by the KDC when an acount lockut is in effect.
When an account is expired the kdc returns KRB5KDC_ERR_NAME_EXP.

Fields changed

patch: 0 => 1

Fields changed

owner: somebody => simo

Fields changed

rhbz: => 0

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha

resolution: => fixed
status: new => closed

Metadata Update from @simo:
- Issue assigned to simo
- Issue set to the milestone: SSSD 1.14 alpha

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/3965

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Login to comment on this ticket.