#8006 ipa user-mod ignores password expiration date when password will also be set
Opened 5 months ago by twoerner. Modified 5 months ago

Issue

If ipa user-mod is used with password and password expiration date, then password expiration date is not set to given value. Without setting the password, the expiration date is applied.

Steps to Reproduce

  1. Create user
  2. Set password expiration date together with password
  3. Expiration date will not be set to given value

Actual behavior

Expiration date is not set to given value

Expected behavior

Expiration date set to given value

Version/Release/Distribution

IPA 4.8.0
(Not tested with other releases so far.)


I think this is expected behavior. All passwords set by an administrator are marked as expired. There is no override.

This is the issue
# date
Tue 30 Jul 2019 01:16:02 AM CDT

////Password expiration set explicilty works fine///
//Expire password at 2019/30/07 11:51:10
# ipa user-mod password-expiration-user --password-expiration 20190730115110Z
Modified user "password-expiration-user"
User login: password-expiration-user
First name: password
Last name: expiration-user
Home directory: /home/password-expiration-user
Login shell: /bin/sh
Principal name: password-expiration-user@ATEST.COM
Principal alias: password-expiration-user@ATEST.COM
User password expiration: 20190730115110Z <<<<<<<<<<<
Email address: password-expiration-user@atest.com
UID: 760400005
GID: 760400005
Account disabled: False
Password: True
Member of groups: ipausers
Kerberos keys available: True

////Password expiration set while setting password does not////
//Expire password at 2019/30/07 11:55:20
# ipa user-mod password-expiration-user --password --password-expiration 20190730115520Z
Password:
Enter Password again to verify:
Modified user "password-expiration-user"
User login: password-expiration-user
First name: password
Last name: expiration-user
Home directory: /home/password-expiration-user
Login shell: /bin/sh
Principal name: password-expiration-user@ATEST.COM
Principal alias: password-expiration-user@ATEST.COM
User password expiration: 20190730061714Z <<<<<<<<<<
Email address: password-expiration-user@atest.com
UID: 760400005
GID: 760400005
Account disabled: False
Password: True
Member of groups: ipausers
Kerberos keys available: True

Login to comment on this ticket.

Metadata