#6511 Unexpected behavior of password policies when --failinterval is not set
Opened 2 years ago by pvomacka. Modified a year ago

Steps to reproduce:
1) Create new Password policy
2) Set --maxfail to lets say 10 (value does not matter)
3) Set --lockouttime to lets say 60 (value does not matter)
4) Try to kinit as user in group for which the policy was created
5) The account is locked after various number of failed attemps, not exactly after 10.

It works correctly when --failinterval is set to number != 0 .


Doc string should be enhanced.

  • dkupka: What is the expected behaviour here? From source code I can tell that when not set 0 is used but what should then happen? Reset the counter after 0 seconds or disable counter reseting at all?

Metadata Update from @pvomacka:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5

2 years ago

Metadata Update from @mbasti:
- Issue close_status updated to: None
- Issue set to the milestone: FreeIPA 4.5.1 (was: FreeIPA 4.5)

2 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.5.1)

2 years ago

Metadata Update from @rcritten:
- Issue set to the milestone: FreeIPA 4.7.1 (was: FreeIPA 4.7)

a year ago

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone

Login to comment on this ticket.

Metadata