Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • krb5-auth-dialog krb5-auth-dialog
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 8
    • Issues 8
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 0
    • Merge requests 0
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Packages & Registries
    • Packages & Registries
    • Container Registry
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Wiki
    • Wiki
  • Snippets
    • Snippets
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • GNOME
  • krb5-auth-dialogkrb5-auth-dialog
  • Issues
  • #2

Closed
Open
Created Feb 18, 2009 by Bugzilla@bugzilla-migration💬Reporter

Incorrect notification when account locked in AD

Submitted by Bojan Smojver

Link to original bug (#572246)

Description

Please describe the problem: I bumped into this one when my AD account got locked and krb5-auth-dialog was about to renew the credentials. Because the account was locked, the ticket was not renewed. However, krb5-auth-dialog still said "Your Kerberos credentials have been refreshed.". I think this may be related to the fact that remaining, as calculated in ka_update_status() function from creds_expiry will still be > 0 (because the old ticket is kept).

Maybe we should also pass the status of renewal to ka_update_status(), so that we don't incorrectly notify that ticket has been renewed.

Steps to reproduce:

  1. Configure krb5 authentication against AD.
  2. Lock your account (usually, 3 successive attempts to login with wrong pwd).
  3. Do this 1/2 hour before ticket expiry and see what krb5-auth-dialog does.

Actual results: User is notified that ticket has been refreshed.

Expected results: User should be told that refresh process did not end successfully.

Does this happen every time? Yes.

Other information:

Assignee
Assign to
Time tracking