#1936 [ipa webui] global password policy should not be able to be deleted
Closed: Fixed None Opened 10 years ago by dpal.


Description of problem:
User with admin rights can delete global password policy from webui.

Version-Release number of selected component (if applicable): 2.1.1 (Sept 21 build day)

How reproducible: always

Steps to Reproduce:
1. install ipa server 
2. kinit as "admin" and bring up firefox, go to https://<ipaserver>
3. go to: "Policy" tab -> Password Policy sub menu -> select "Global Password" -> click "delete" to delete it

Actual results:
global password policy being deleted

Expected results:
global password can not be deleted even by admin

Additional info:
1. after global password policy being deleted, there is no way to add such policy since current WebUI does not offer "global" as a choice in "Add Password Policy" dialog

2. after the global password policy being deleted, cli: "ipa pwpolicy-show" will report error: password policy not found

3. after the global password policy being deleted, newly created user can not get kerberos ticket with initial password. IPA reports: user not found.

4. I didn't try this in latest build, I will post my test result once I updated my testing environment.

I wonder what happens in CLI. It should be caught on the server and last policy should not be removed.

Metadata Update from @dpal:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 2.1.3 (bug fixing)

5 years ago

Login to comment on this ticket.