Bug 34156 - univention-s4search should not try kerberos by default
Summary: univention-s4search should not try kerberos by default
Status: RESOLVED WONTFIX
Alias: None
Product: UCS
Classification: Unclassified
Component: Samba4
Version: UCS 4.4
Hardware: Other Linux
: P5 normal
Target Milestone: ---
Assignee: Samba maintainers
QA Contact:
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-19 14:15 CET by Arvid Requate
Modified: 2025-02-05 09:29 CET (History)
3 users (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 2: Improvement: Would be a product improvement
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 1: Nuisance – not a big deal but noticeable
User Pain: 0.011
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Arvid Requate univentionstaff 2014-02-19 14:15:04 CET 
While testing the bad password lockout I discovered that

 univention-s4search -Utestuser%wrongpassword

increases the badPwdCount by 2. If "-k no" is given, the badPwdCount only increases by 1. I think we may better default to this setting to avoid the additional Kerberos operation. From diffing the logs it looks like this also reduces the steps performed during a successful authorization.  This new default can then be overridden by appending a "-k yes" on the commandline.
Comment 1 Lukas Oyen univentionstaff 2016-09-14 16:09:48 CEST 
See https://forge.univention.org/bugzilla/show_bug.cgi?id=41835#c1 for a possible fix.
Comment 2 Jan-Luca Kiok univentionstaff 2025-02-05 09:29:12 CET 
This issue has been filed against UCS 4.4.

UCS 4.4 is out of maintenance and components may have vastly changed in later releases. Thus, this issue is now being closed.

If this issue still occurs in newer versions, please use "Clone this bug" or reopen this issue. In this case please provide information on how this issue is affecting you.