#3049 SSSD should respect krbprincipalexpiration in IPA for any authentication method
Closed: cloned-to-github 3 years ago by pbrezina. Opened 7 years ago by strikerttd.

SSSD should respect krbprincipalexpiration in IPA for any authentication method. In a test, this attribute was not respected for SSH key based authentication by an IPA user to an IPA client machine. While this means that the user cannot open a ticket, they are still able to access the IPA client machine.


In the next version, we should fist list all the attributes currently used for account lockout or marking the account as disabled, then see which of those should sssd honour under which condition.

At least the first part should be done in the next upstream version, then we'll also know the scope of the changes better.

milestone: NEEDS_TRIAGE => SSSD 1.15 Beta

Enabled\Disabled Diff: https://paste.fedoraproject.org/383740/66950651/

Not sure if I understand this correctly. There seems to be no noticeable difference beyond uSNChanged and userAccountControl.

_comment0: Enabled\Disabled Diff:
https://paste.fedoraproject.org/383740/66950651/ => 1466695260313121

Fields changed

rhbz: => todo

Metadata Update from @strikerttd:
- Issue set to the milestone: SSSD 1.15.3

7 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset
- Custom field mark reset
- Custom field patch reset
- Custom field review reset
- Custom field sensitive reset
- Custom field testsupdated reset
- Issue close_status updated to: None
- Issue set to the milestone: SSSD 1.15.4 (was: SSSD 1.15.3)

7 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue tagged with: cleanup-future

6 years ago

Metadata Update from @jhrozek:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue untagged with: cleanup-future
- Issue set to the milestone: SSSD Future releases (no date set yet) (was: SSSD 1.15.4)

6 years ago

Metadata Update from @thalman:
- Custom field design_review reset (from false)
- Custom field mark reset (from false)
- Custom field patch reset (from false)
- Custom field review reset (from false)
- Custom field sensitive reset (from false)
- Custom field testsupdated reset (from false)
- Issue tagged with: Future milestone

4 years ago

SSSD is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in SSSD's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/SSSD/sssd/issues/4082

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @pbrezina:
- Issue close_status updated to: cloned-to-github
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata