cloned from https://bugzilla.redhat.com/show_bug.cgi?id=2127833
Created attachment 1912878 [details] WebUI errors
Description of problem: Grace login limit allows values from range -1 to 2^32-1 instead of declared MAXINT, which is defined as 2^31-1 and in discrepancy with other fields in Password Policy. This is applicable to both WebUI (see the screen-shot attached) and CLI.
# ipa pwpolicy-mod --gracelimit=4294967296 ipa: ERROR: invalid 'gracelimit': can be at most 4294967295
Version-Release number of selected component (if applicable): ipa-server-4.10.0-6.el9.x86_64
How reproducible: Always
Steps to Reproduce: 1.ipa pwpolicy-mod --gracelimit=4294967295 # 2^32
Actual results: # ipa pwpolicy-mod --gracelimit=4294967295 Group: global_policy Max lifetime (days): 90 Min lifetime (hours): 1 History size: 0 Character classes: 0 Min length: 8 Max failures: 6 Failure reset interval: 60 Lockout duration: 600 Grace login limit: 4294967295
Expected results: ipa: ERROR: invalid 'gracelimit': can be at most 2147483647 # 2**31 - 1
Additional info: In the documentation for the feature, it is defined:
Range values for passwordgracelimit are:
-1 : password grace checking is disabled 0 : no grace BIND are allowed at all post-expiration 1..MAXINT: the number of BIND allowed post-expiration
https://github.com/freeipa/freeipa/pull/6456
Metadata Update from @rcritten: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2127833
master:
ipa-4-10:
ipa-4-9:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.