Issue #48813: password history is not updated when an admin resets the password - 389-ds-base

389-ds-base

#48813 password history is not updated when an admin resets the password

Closed: wontfix None Opened 7 years ago by mreynolds.

When an admin resets a password the current password is not stored in the password history. This incorrectly allows the user to reuse the previous password after the reset.

mreynolds commented 7 years ago

attachment
0001-Ticket-48813-password-history-is-not-updated-when-an.patch

nhosoi commented 7 years ago

Your fix looks good to me.

Actually, this is not new but rather it's been there for ages; it makes me wonder if simultaneous password updates happens against one user, the slapi entry is protected properly? Like several admin's and the user him/herself try to update the password at one time? :) Could you try that on your local build? If there is no problem, you already have my ack.

mreynolds commented 7 years ago

Replying to [comment:3 nhosoi]:

Your fix looks good to me.

Actually, this is not new but rather it's been there for ages; it makes me wonder if simultaneous password updates happens against one user, the slapi entry is protected properly? Like several admin's and the user him/herself try to update the password at one time? :) Could you try that on your local build? If there is no problem, you already have my ack.

Well I ran some concurrent userpassword updates under valgrind and I did not see any errors or leaks. Anything else you would like me to try?

nhosoi commented 7 years ago

Nope, I'm happy with the results. Thanks for running the extra tests!

mreynolds commented 7 years ago

09180b2..9c310b0 master -> master
commit 9c310b0
Author: Mark Reynolds mreynolds@redhat.com
Date: Tue May 3 09:57:36 2016 -0400

a8486ab..492a1d8 389-ds-base-1.3.4 -> 389-ds-base-1.3.4
commit 492a1d8

766bcd1..42ba838 389-ds-base-1.3.3 -> 389-ds-base-1.3.3
commit 42ba838

8817a13..b357e44 389-ds-base-1.3.2 -> 389-ds-base-1.3.2
commit b357e44

ba0358b..1a62647 389-ds-base-1.3.1 -> 389-ds-base-1.3.1
commit 1a62647ea58111875959bd0be2bc60afd8cffc64

e51b423..0a50470 389-ds-base-1.2.11 -> 389-ds-base-1.2.11
commit 0a50470

nhosoi commented 7 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1332709

nhosoi commented 7 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1332710

Metadata Update from @nhosoi:
- Issue assigned to mreynolds
- Issue set to the milestone: 1.2.11.33

7 years ago

spichugi commented 3 years ago

389-ds-base is moving from Pagure to Github. This means that new issues and pull requests
will be accepted only in 389-ds-base's github repository.

This issue has been cloned to Github and is available here:
- https://github.com/389ds/389-ds-base/issues/1873

If you want to receive further updates on the issue, please navigate to the github issue
and click on subscribe button.

Thank you for understanding. We apologize for all inconvenience.

Metadata Update from @spichugi:
- Issue close_status updated to: wontfix (was: Fixed)

3 years ago

Metadata

Assignee

mreynolds

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

1.2.11.33

reviewstatus

ack

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1332709
https://bugzilla.redhat.com/show_bug.cgi?id=1332710

origin

Community

389-ds-base

Source Code

#48813 password history is not updated when an admin resets the password Closed: wontfix None Opened 7 years ago by mreynolds.

Metadata

#48813 password history is not updated when an admin resets the password

Closed: wontfix None Opened 7 years ago by mreynolds.