Issue #3305: KrbPrincipalExpiration should be checked in pre-bind op - freeipa

freeipa

#3305 KrbPrincipalExpiration should be checked in pre-bind op

Closed: Fixed None Opened 11 years ago by simo.

We currently do not honour the krbprincipalexpiration attribute for LDAP binds.
A simple place to check and deny auth would be to check for it in the pre_bind operation.

mkosek commented 10 years ago

3.4 development was shifted for one month, moving tickets to reflect reality better.

mkosek commented 10 years ago

Linking with the right Bugzilla (previous closed as duplicate).

mkosek commented 10 years ago

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

mkosek commented 10 years ago

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

mkosek commented 10 years ago

This ticket is not complete yet, moving to next month milestone.

abbra commented 9 years ago

Fixed upstream
master:

5d78cdf ipa-pwd-extop: Deny LDAP binds for accounts with expired principals
004071a ipatests: Add test for denying expired principals

Metadata Update from @simo:
- Issue assigned to tbabej
- Issue set to the milestone: FreeIPA 4.0 - 2014/04

7 years ago

Metadata

Assignee

tbabej

Tags

None

Blocking

None

Depending on

None

Priority

low

Milestone

FreeIPA 4.0 - 2014/04

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

easyfix

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=887988

tester

None

changelog

None

design

None

freeipa

Source Code

#3305 KrbPrincipalExpiration should be checked in pre-bind op Closed: Fixed None Opened 11 years ago by simo.

Metadata

#3305 KrbPrincipalExpiration should be checked in pre-bind op

Closed: Fixed None Opened 11 years ago by simo.