Learn more about these different git repos.
Other Git URLs
Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1206121
Description of problem: I was not sure about how sssd should behave if an unsupported time format is used. But it seems, sssd denies access if the time format is unsupported. Good to explicitly mention it in the manpage? I wrote up a modified description. Does it make sense? ppolicy: use account locking. If set, this option denies access in case that ldap attribute ?pwdAccountLockedTime? has value of ?000001010000Z? or represents any time in the past. The value of ?pwdAccountLockedTime? attribute must end with ?Z? as only UTC time zone is currently supported otherwise access is denied for any other time specifications. Version-Release number of selected component (if applicable): sssd-1.12.4-18.el6.x86_64 How reproducible: Steps to Reproduce: 1. I used a time in future: pwdAccountLockedTime= 20160830003750+0000 2. 3. Actual results: User access is denied and sssd cannot parse this value and prints: [is_account_locked] (0x0400): sss_utc_to_time_t failed with 1432158251:Time specification not supported Expected results: Additional info:
Fields changed
blockedby: => blocking: => changelog: => coverity: => design: => design_review: => 0 feature_milestone: => fedora_test_page: => mark: no => 0 owner: somebody => preichl patch: 0 => 1 review: True => 0 selected: => status: new => assigned testsupdated: => 0
milestone: NEEDS_TRIAGE => SSSD 1.12.5 resolution: => fixed status: assigned => closed
Metadata Update from @preichl: - Issue assigned to preichl - Issue set to the milestone: SSSD 1.12.5
SSSD is moving from Pagure to Github. This means that new issues and pull requests will be accepted only in SSSD's github repository.
This issue has been cloned to Github and is available here: - https://github.com/SSSD/sssd/issues/3653
If you want to receive further updates on the issue, please navigate to the github issue and click on subscribe button.
subscribe
Thank you for understanding. We apologize for all inconvenience.
Login to comment on this ticket.