Univention Bugzilla – Bug 44788
setting the accountexpiry to 2038 causes the kerberos principal to expire: 1902-xx-xx and creates a locked account
Last modified: 2020-06-22 11:16:21 CEST
setting the accountexpiry to a day in 2038 causes the kerberos principal to expire: 1902-xx-xx and results in a locked account Testenvironment: 10.200.6.150 Testuser: issuetest Steps to reproduce: - via UMC set the accountexpiry to someday in 2038 - check the kerberos principal: root@ucs-7906:~# kadmin -l get issuetest Principal: issuetest@dom.ain Principal expires: 1902-05-19 15:31:44 UTC Password expires: never Last password change: 2017-06-04 16:15:44 UTC Related: https://de.wikipedia.org/wiki/Jahr-2038-Problem https://en.wikipedia.org/wiki/Year_2038_problem
This bug doesn't affect the UDM component: # univention-ldapsearch -LLLb uid=bfbemmr59x,cn=users,dc=dev,dc=local | ldapsearch-wrapper > ldif1.ldif # udm users/user modify --dn uid=bfbemmr59x,cn=users,dc=dev,dc=local --set userexpiry=2038-12-30 Object modified: uid=bfbemmr59x,cn=users,dc=dev,dc=local # univention-ldapsearch -LLLb uid=bfbemmr59x,cn=users,dc=dev,dc=local | ldapsearch-wrapper > ldif2.ldif # ldiff ldif1.ldif ldif2.ldif dn: uid=bfbemmr59x,cn=users,dc=dev,dc=local +shadowExpire: 25200 +sambaKickoffTime: 2177276400 +krb5ValidEnd: 20381230000000Z It still applies to UCS 4.3.