Incorrect notification when account locked in AD
Submitted by Bojan Smojver
Please describe the problem: I bumped into this one when my AD account got locked and krb5-auth-dialog was about to renew the credentials. Because the account was locked, the ticket was not renewed. However, krb5-auth-dialog still said "Your Kerberos credentials have been refreshed.". I think this may be related to the fact that remaining, as calculated in ka_update_status() function from creds_expiry will still be > 0 (because the old ticket is kept).
Maybe we should also pass the status of renewal to ka_update_status(), so that we don't incorrectly notify that ticket has been renewed.
Steps to reproduce:
- Configure krb5 authentication against AD.
- Lock your account (usually, 3 successive attempts to login with wrong pwd).
- Do this 1/2 hour before ticket expiry and see what krb5-auth-dialog does.
Actual results: User is notified that ticket has been refreshed.
Expected results: User should be told that refresh process did not end successfully.
Does this happen every time? Yes.