Bug 34726 - More concrete description for automatic lockout of users after failed login attempts
More concrete description for automatic lockout of users after failed login a...
Status: CLOSED FIXED
Product: UCS manual
Classification: Unclassified
Component: User management
unspecified
Other Linux
: P5 normal (vote)
: UCS 4.3
Assigned To: Stefan Gohmann
Arvid Requate
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-05-02 12:15 CEST by Janis Meybohm
Modified: 2019-02-14 12:12 CET (History)
1 user (show)

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 2: A Pain – users won’t like this once they notice it
User Pain: 0.057
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments
handbuch-4.3.pdf (8.50 MB, application/pdf)
2018-11-12 07:47 CET, Stefan Gohmann
Details
handbuch-4.3.pdf (8.50 MB, application/pdf)
2018-11-12 07:54 CET, Stefan Gohmann
Details
bug34726.patch (1.88 KB, patch)
2018-11-27 14:13 CET, Arvid Requate
Details | Diff
qa34726.diff (8.53 KB, patch)
2019-01-09 20:31 CET, Arvid Requate
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Janis Meybohm univentionstaff 2014-05-02 12:15:42 CEST
"Automatic lockout of users after failed login attempts" lacks some concrete descriptions of which services are getting locked (Samba, Kerberos, LDAP-Bind?) and if/how the system works different when using Samba4.
Comment 1 Janis Meybohm univentionstaff 2014-05-02 12:24:20 CEST
The chapter should also explain how these faillog settings come together with the Samba lockout settings (with samba3 and samba4).
Comment 2 Stefan Gohmann univentionstaff 2018-11-12 07:47:32 CET
Created attachment 9732 [details]
handbuch-4.3.pdf
Comment 3 Stefan Gohmann univentionstaff 2018-11-12 07:54:34 CET
Created attachment 9733 [details]
handbuch-4.3.pdf
Comment 4 Stefan Gohmann univentionstaff 2018-11-12 07:56:40 CET
(In reply to Stefan Gohmann from comment #3)
> Created attachment 9733 [details]
> handbuch-4.3.pdf

See PDF file, chapter 6.5. Git branch: stefan/bug34726-lockout

Please reopen the issue after the QA. I need to merge and translate these changes.
Comment 5 Arvid Requate univentionstaff 2018-11-27 14:13:41 CET
Created attachment 9757 [details]
bug34726.patch

Proposal for some small changes.
Comment 6 Stefan Gohmann univentionstaff 2019-01-08 07:48:37 CET
Thanks, I've applied your patch and I've also translated the section:

http://jenkins.knut.univention.de:8080/view/Doku/job/BuildDocBookBranch/48/artifact/webroot/manual-4.3.html#users:faillog

If the link is now longer available, you can simple build the Git branch stefan/bug34726-lockout with the following Jenkins job:
 http://jenkins.knut.univention.de:8080/view/Doku/job/BuildDocBookBranch/

Please reopen the bug after the QA, so that I can merge it to the manual.
Comment 7 Arvid Requate univentionstaff 2019-01-09 20:31:43 CET
Created attachment 9797 [details]
qa34726.diff

Ok, pretty good, while checking the english version I found three small points could be improved, see attached patch proposal:

* IMHO the readability of the Samba part improves when the --lockout-threshold is described as first option, before the --lockout-duration.

* The purpose of the --reset-account-lockout-after option was hard to understand and I've made it a bit more explicit.

* Likewise the interaction of PAM global account lock (actually account disable) and local lockout via listener was a bit tough to read if you don't know the implementation details.

If you think that this makes sense you may merge it.
Comment 8 Stefan Gohmann univentionstaff 2019-01-15 07:13:24 CET
(In reply to Arvid Requate from comment #7)
> Created attachment 9797 [details]
> qa34726.diff
[...]
> If you think that this makes sense you may merge it.

Yes, that makes sense. Thanks.

I've merged everything to UCS 4.3-3 and 4.4-0. I set this issue to verified.
Comment 9 Stefan Gohmann univentionstaff 2019-01-15 07:13:41 CET
(In reply to Stefan Gohmann from comment #8)
> I've merged everything to UCS 4.3-3 and 4.4-0. I set this issue to verified.
Comment 10 Philipp Hahn univentionstaff 2019-02-14 12:12:59 CET
[master] dd16110 Bug #46874,Bug #32277,Bug #36733,Bug #39556,Bug #40162,Bug #41684,Bug #34726,Bug #41305,Bug #36869: PUBLISH