https://bugzilla.redhat.com/show_bug.cgi?id=785864 (Red Hat Enterprise Linux 6)
Description of problem: ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: : :: [ LOG ] :: Verify Failure Counter Iteration ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: : :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ FAIL ] :: User's failed counter is NOT as expected. Got: [0] Expected: [1] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ FAIL ] :: User's failed counter is NOT as expected. Got: [0] Expected: [2] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ FAIL ] :: User's failed counter is NOT as expected. Got: [0] Expected: [3] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ FAIL ] :: User's failed counter is NOT as expected. Got: [0] Expected: [4] :: [ LOG ] :: ERROR: kinit as user1 with password BADPWD failed. :: [ PASS ] :: Kinit as user with invalid password :: [ LOG ] :: kinit as admin with password Secret123 was successful. :: [ PASS ] :: Running 'kinitAs admin Secret123' :: [ FAIL ] :: User's failed counter is NOT as expected. Got: [0] Expected: [5] :: [ LOG ] :: Duration: 23s :: [ LOG ] :: Assertions: 10 good, 5 bad :: [ FAIL ] :: RESULT: Verify Failure Counter Iteration # kinit jenny Password for jenny@TESTRELM.COM: kinit: Password incorrect while getting initial credentials # ipa user-show --all jenny dn: uid=jenny,cn=users,cn=accounts,dc=testrelm,dc=com User login: jenny First name: Jenny Last name: Galipeau Full name: Jenny Galipeau Display name: Jenny Galipeau Initials: JG Home directory: /home/jenny GECOS field: Jenny Galipeau Login shell: /bin/sh Kerberos principal: jenny@TESTRELM.COM UID: 809400167 GID: 809400167 Account disabled: False Password: True Member of groups: ipausers Kerberos keys available: True ipauniqueid: 3c26ebd2-4b51-11e1-8ed9-525400d5df12 krbextradata: AAJM8CZPa2FkbWluZEBURVNUUkVMTS5DT00A krblastpwdchange: 20120130193228Z krbloginfailedcount: 0 <================================================ krbpasswordexpiration: 20120429193228Z krbpwdpolicyreference: cn=global_policy,cn=TESTRELM.COM,cn=kerberos,dc=testrelm,dc=com krbticketflags: 128 mepmanagedentry: cn=jenny,cn=groups,cn=accounts,dc=testrelm,dc=com objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, mepOriginEntry # ssh -l jenny localhost jenny@localhost's password: Permission denied, please try again. jenny@localhost's password: Permission denied, please try again. jenny@localhost's password: Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password). # ipa user-show --all jenny dn: uid=jenny,cn=users,cn=accounts,dc=testrelm,dc=com User login: jenny First name: Jenny Last name: Galipeau Full name: Jenny Galipeau Display name: Jenny Galipeau Initials: JG Home directory: /home/jenny GECOS field: Jenny Galipeau Login shell: /bin/sh Kerberos principal: jenny@TESTRELM.COM UID: 809400167 GID: 809400167 Account disabled: False Password: True Member of groups: ipausers Kerberos keys available: True ipauniqueid: 3c26ebd2-4b51-11e1-8ed9-525400d5df12 krbextradata: AAJM8CZPa2FkbWluZEBURVNUUkVMTS5DT00A krblastpwdchange: 20120130193228Z krbloginfailedcount: 0 <=================================================== krbpasswordexpiration: 20120429193228Z krbpwdpolicyreference: cn=global_policy,cn=TESTRELM.COM,cn=kerberos,dc=testrelm,dc=com krbticketflags: 128 mepmanagedentry: cn=jenny,cn=groups,cn=accounts,dc=testrelm,dc=com objectclass: top, person, organizationalperson, inetorgperson, inetuser, posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, mepOriginEntry Version-Release number of selected component (if applicable): ipa-server-2.2.0-101.20120127T0607zgit6863b8f.el6.x86_64 How reproducible: Steps to Reproduce: 1. see description 2. 3. Actual results: This is a regression Expected results: Additional info:
krbLastSuccessfulAuth and krbLastFailedAuth are not being set either.
Yep, I am working on all the auditing attributes in the same patch
master: 651f932
ipa-2-2: 5a087e6
Metadata Update from @mkosek: - Issue assigned to simo - Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02
Login to comment on this ticket.