#2540 Password Policy Failure Interval Reset is not working.
Closed: Fixed None Opened 12 years ago by dpal.

https://bugzilla.redhat.com/show_bug.cgi?id=804096 (Red Hat Enterprise Linux 6)

Description of problem:

--failinterval=INT  Period after which failure count will be reset (seconds)

Failure counter is not getting reset after interval period ::

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:
:: [   LOG    ] :: Failue Interval - before and after interval expiration - 10
second interval - 1 bad attempt
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:

:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname:
[user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [10]
:: [   PASS   ] :: Interval value correct [10]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached -
interval not expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: Sleeping for 10 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached -
interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [2]
Expected: [1]
:: [   LOG    ] :: Duration: 46s
:: [   LOG    ] :: Assertions: 12 good, 1 bad
:: [   FAIL   ] :: RESULT: Failue Interval - before and after interval
expiration - 10 second interval - 1 bad attempt


:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:
:: [   LOG    ] :: Failure Interval - before and after interval expiration - 30
second interval - 2 bad attempts
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:

:: [   LOG    ] :: create ipa user: [user1], firstname: [user1], lastname:
[user1]  password: [Secret123]
:: [   PASS   ] :: delete account [user1]
:: [   LOG    ] :: create ipa user: [user1], password: [Secret123]
:: [   PASS   ] :: add test user account
:: [   LOG    ] :: kinit as user1 with new password Secret123 was successful.
:: [   PASS   ] :: Creating a test user1
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: Setting failinterval to value of [30]
:: [   PASS   ] :: Interval value correct [30]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached -
interval not expired. Attempt [1]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached -
interval not expired. Attempt [2]
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleeping for 30 seconds
:: [   LOG    ] :: ERROR: kinit as user1 with password BADPWD failed.
:: [   PASS   ] :: Kinit as user with valid password. Max failures reached -
interval expired
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [3]
Expected: [1]
:: [   LOG    ] :: Duration: 1m 9s
:: [   LOG    ] :: Assertions: 14 good, 1 bad
:: [   FAIL   ] :: RESULT: Failure Interval - before and after interval
expiration - 30 second interval - 2 bad attempts


:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:
:: [   LOG    ] :: Group Failures Policy Enforcement - Failure Interval
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:

:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [1]
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   PASS   ] :: User's failed counter is as expected: [2]
:: [   LOG    ] :: Sleep for interval duration
:: [   LOG    ] :: ERROR: kinit as grpuser with password BADPWD failed.
:: [   PASS   ] :: Kinit as group policy user with invalid password
:: [   LOG    ] :: kinit as admin with password Secret123 was successful.
:: [   PASS   ] :: Running 'kinitAs admin Secret123'
:: [   FAIL   ] :: User's failed counter is NOT as expected.  Got: [3]
Expected: [1]
:: [   LOG    ] :: Duration: 27s
:: [   LOG    ] :: Assertions: 8 good, 1 bad
:: [   FAIL   ] :: RESULT: Group Failures Policy Enforcement - Failure Interval


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-4.el6.x86_64

How reproducible:
always

Steps to Reproduce:
1. already automated see description
2.
3.

Actual results:
user failure counter to be reset after interval

Expected results:
failure counter not being reset after interval

Additional info:

It is querying krbpwdmaxfailurecountinterval instead of krbpwdfailurecountinterval
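
Added example, not part of the original ticket and not FreeIPA code: a small model of the failure-interval reset, showing how reading the interval from krbpwdmaxfailurecountinterval instead of krbpwdfailurecountinterval reproduces the counts in the log above (2 and 3 where 1 is expected). It assumes that a missing attribute reads as 0, that 0 means "never reset", and that the interval is measured from the last failed attempt; the policy entries and timestamps are constructed.

```python
# Model of a failed-login counter with a reset interval (illustrative only).
GOOD_ATTR = "krbpwdfailurecountinterval"     # attribute the ticket says should be read
BAD_ATTR = "krbpwdmaxfailurecountinterval"   # attribute the ticket says was queried


def read_interval(policy, attr):
    """Return the interval in seconds from an LDAP-style entry.

    Assumption: an absent attribute yields 0, and 0 disables the reset.
    """
    values = policy.get(attr)
    return int(values[0]) if values else 0


class FailureCounter:
    def __init__(self, interval):
        self.interval = interval
        self.count = 0
        self.last_failed = None

    def record_failure(self, now):
        """Register one bad password at time `now` (seconds); return the count."""
        expired = (
            self.interval != 0
            and self.last_failed is not None
            and now > self.last_failed + self.interval
        )
        if expired:
            self.count = 0          # interval elapsed: start counting afresh
        self.count += 1
        self.last_failed = now
        return self.count


def replay(policy, attr, failure_times):
    """Replay bad-password attempts and return the counter after each one."""
    counter = FailureCounter(read_interval(policy, attr))
    return [counter.record_failure(t) for t in failure_times]


# Constructed policy entries mirroring the two test cases (10 s and 30 s).
POLICY_10 = {GOOD_ATTR: ["10"]}
POLICY_30 = {GOOD_ATTR: ["30"]}

if __name__ == "__main__":
    for name, attr in (("correct attribute", GOOD_ATTR), ("wrong attribute", BAD_ATTR)):
        print(name, replay(POLICY_10, attr, [0, 12]), replay(POLICY_30, attr, [0, 3, 35]))
```

Because the wrong attribute name silently yields "no interval", the counter only ever grows, which is why the test checks the counter value after the sleep rather than only whether kinit fails.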

Metadata Update from @dpal:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 2.2 Core Effort - 2012/03

7 years ago
