First Last Prev Next    This bug is not in your last search results.
Bug 44788 - setting the accountexpiry to 2038 causes the kerberos principal to expire: 1902-xx-xx and creates a locked account
setting the accountexpiry to 2038 causes the kerberos principal to expire: 19...
Status: NEW
Product: UCS
Classification: Unclassified
Component: Kerberos
UCS 5.0
Other Linux
: P5 normal (vote)
: ---
Assigned To: UCS maintainers
UCS maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-15 10:52 CEST by Jens Thorp-Hansen
Modified: 2020-06-22 11:16 CEST (History)
4 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 3: Simply Wrong: The implementation doesn't match the docu
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.069
Enterprise Customer affected?: Yes
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2017061321000359
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jens Thorp-Hansen univentionstaff 2017-06-15 10:52:41 CEST 
setting the accountexpiry to a day in 2038 causes the kerberos principal to expire: 1902-xx-xx and results in a locked account

Testenvironment: 10.200.6.150
Testuser: issuetest

Steps to reproduce:

- via UMC set the accountexpiry to someday in 2038
- check the kerberos principal:

root@ucs-7906:~# kadmin -l get issuetest
            Principal: issuetest@dom.ain
    Principal expires: 1902-05-19 15:31:44 UTC
     Password expires: never
 Last password change: 2017-06-04 16:15:44 UTC

Related: 
https://de.wikipedia.org/wiki/Jahr-2038-Problem
https://en.wikipedia.org/wiki/Year_2038_problem
Comment 1 Florian Best univentionstaff 2017-12-28 20:43:48 CET 
This bug doesn't affect the UDM component:

# univention-ldapsearch -LLLb uid=bfbemmr59x,cn=users,dc=dev,dc=local | ldapsearch-wrapper > ldif1.ldif
# udm users/user modify --dn uid=bfbemmr59x,cn=users,dc=dev,dc=local --set userexpiry=2038-12-30
Object modified: uid=bfbemmr59x,cn=users,dc=dev,dc=local
# univention-ldapsearch -LLLb uid=bfbemmr59x,cn=users,dc=dev,dc=local | ldapsearch-wrapper > ldif2.ldif
# ldiff ldif1.ldif ldif2.ldif 
 dn: uid=bfbemmr59x,cn=users,dc=dev,dc=local
+shadowExpire: 25200
+sambaKickoffTime: 2177276400
+krb5ValidEnd: 20381230000000Z

It still applies to UCS 4.3.
First Last Prev Next    This bug is not in your last search results.