freeipa

Clone
Source Code
GIT

#2334 Users Failed Login attempts are not iterating the counter
Closed: Fixed None Opened 12 years ago by mkosek.

Closed: Fixed
Reopen Issue

https://bugzilla.redhat.com/show_bug.cgi?id=785864 (Red Hat Enterprise Linux 6)

Description of problem:


:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:
:: [   LOG    ] :: Verify Failure Counter Iteration
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:

:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0]
Expected: [1]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0]
Expected: [2]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0]
Expected: [3]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0]
Expected: [4]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [0]
Expected: [5]
:: [   LOG    ] :: Duration: 23s
:: [   LOG    ] :: Assertions: 10 good, 5 bad
:: [   FAIL   ] :: RESULT: Verify Failure Counter Iteration

# kinit jenny
Password for jenny@TESTRELM.COM:
kinit: Password incorrect while getting initial credentials


# ipa user-show --all jenny
  dn: uid=jenny,cn=users,cn=accounts,dc=testrelm,dc=com
  User login: jenny
  First name: Jenny
  Last name: Galipeau
  Full name: Jenny Galipeau
  Display name: Jenny Galipeau
  Initials: JG
  Home directory: /home/jenny
  GECOS field: Jenny Galipeau
  Login shell: /bin/sh
  Kerberos principal: jenny@TESTRELM.COM
  UID: 809400167
  GID: 809400167
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 3c26ebd2-4b51-11e1-8ed9-525400d5df12
  krbextradata: AAJM8CZPa2FkbWluZEBURVNUUkVMTS5DT00A
  krblastpwdchange: 20120130193228Z
  krbloginfailedcount: 0   <================================================
  krbpasswordexpiration: 20120429193228Z
  krbpwdpolicyreference:
cn=global_policy,cn=TESTRELM.COM,cn=kerberos,dc=testrelm,dc=com
  krbticketflags: 128
  mepmanagedentry: cn=jenny,cn=groups,cn=accounts,dc=testrelm,dc=com
  objectclass: top, person, organizationalperson, inetorgperson, inetuser,
posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, mepOriginEntry


# ssh -l jenny localhost
jenny@localhost's password:
Permission denied, please try again.
jenny@localhost's password:
Permission denied, please try again.
jenny@localhost's password:
Permission denied (publickey,gssapi-keyex,gssapi-with-mic,password).

# ipa user-show --all jenny
  dn: uid=jenny,cn=users,cn=accounts,dc=testrelm,dc=com
  User login: jenny
  First name: Jenny
  Last name: Galipeau
  Full name: Jenny Galipeau
  Display name: Jenny Galipeau
  Initials: JG
  Home directory: /home/jenny
  GECOS field: Jenny Galipeau
  Login shell: /bin/sh
  Kerberos principal: jenny@TESTRELM.COM
  UID: 809400167
  GID: 809400167
  Account disabled: False
  Password: True
  Member of groups: ipausers
  Kerberos keys available: True
  ipauniqueid: 3c26ebd2-4b51-11e1-8ed9-525400d5df12
  krbextradata: AAJM8CZPa2FkbWluZEBURVNUUkVMTS5DT00A
  krblastpwdchange: 20120130193228Z
  krbloginfailedcount: 0  <===================================================
  krbpasswordexpiration: 20120429193228Z
  krbpwdpolicyreference:
cn=global_policy,cn=TESTRELM.COM,cn=kerberos,dc=testrelm,dc=com
  krbticketflags: 128
  mepmanagedentry: cn=jenny,cn=groups,cn=accounts,dc=testrelm,dc=com
  objectclass: top, person, organizationalperson, inetorgperson, inetuser,
posixaccount, krbprincipalaux, krbticketpolicyaux, ipaobject, mepOriginEntry

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-101.20120127T0607zgit6863b8f.el6.x86_64

How reproducible:


Steps to Reproduce:
1. see description
2.
3.

Actual results:
This is a regression

Expected results:


Additional info:

krbLastSuccessfulAuth and krbLastFailedAuth are not being set either.

Yep, I am working on all the auditing attributes in the same patch

master: 651f932

ipa-2-2: 5a087e6

Metadata Update from @mkosek:
- Issue assigned to simo
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/02
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
IPA
2162, 2393
0
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=785864
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.