Bug 29918 - Password interval of 0 days misleading
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: Password changes
UCS 3.1
Other Linux
: P5 enhancement (vote)
: UCS 3.1-1
Assigned To: Lukas Walter
Felix Botner
Reported: 2013-01-04 10:05 CET by Kevin Dominik Korte
Modified: 2017-08-14 15:02 CEST (History)
Description Kevin Dominik Korte univentionstaff 2013-01-04 10:05:14 CET
In the password policy the individual tests are disabled by setting them to 0. Setting the password age to 0, however, expires the password on the same day for the posix interval.

Kerberos (Samba 4) still continues to work.
Comment 1 Kevin Dominik Korte univentionstaff 2013-01-07 11:27:39 CET
This refers to setting the UMC Password policy to 0 days. All other settings, history and complexity, however have 0 for disabling the policy.

As the Samba4 settings are not affected, the login on Windows clients is still possible while using Linux services such as mail is not.

Expected would be that either 0 disables all policies or that Samba 4 is affected as well.
Comment 2 Arvid Requate univentionstaff 2013-01-07 12:28:20 CET
The "Password expiry interval" can be set empty to disable password expiry. This is the default. The manual does not mention this clearly enough and I created a new bug 29946 against the UCS manual for this.

The proposal of this bug is an enhancement of the interpretation of the special value "0" in the UDM password policy. Probably required changes can be minimized by interpreting this special value on the level of UDM properties and simply mapping it to an empty LDAP attribute.

If this bug should be fixed, I would recommend creating a similar enhancement bug for the interpretation of the UDM property maxPasswordAge part of the Samba domain object.

The Samba password policy settings are not connected to the Samba settings currently. The maximum password age attribute of the Samba domain object is disabled by setting it to either empty or to the special value of -1 (IIRC, see also recent bug 29775).
Comment 3 Lukas Walter univentionstaff 2013-03-08 16:20:17 CET
(In reply to comment #1)
> This refers to setting the UMC Password policy to 0 days. All other settings,
> history and complexity, however have 0 for disabling the policy.
> 
> As the Samba4 settings are not affected, the login on Windows clients is still
> possible while using Linux services such as mail is not.
> 
> Expected would be that either 0 disables all policies or that Samba 4 is
> affected as well.

A value of "0" should affect Posix the same way it affects Kerberos from now on.


univention-directory-manager-modules (8.0.142-1) unstable; urgency=low
  * deactivate password expiry for posix if set to "0" in the related policy
  (Bug #29918)

svn 39494
Comment 4 Felix Botner univentionstaff 2013-03-12 17:09:03 CET
OK, password expiry (linux, kerberos) is disabled if setting "Password expiry interval" to 0 (as in samba, when setting maxPasswordAge to 0).

Changelog entry exists.
Comment 5 Stefan Gohmann univentionstaff 2013-03-25 19:56:43 CET
UCS 3.1-1 has been released: 
 http://download.univention.de/doc/release-notes-3.1-1_en.pdf
 http://download.univention.de/doc/release-notes-3.1-1.pdf

If this error occurs again, please use "Clone This Bug".