From: petesea@bigfoot.com
Date: Mon, 25 Sep 2006 18:04:21 -0700 (Pacific Daylight Time)
Subject: KfW 3.1 beta 2: NIM change password dialog OK is grayed out
To: kfw-bugs@mit.edu
If the NIM "Obtain new credentials" dialog is displayed in the mode for
changing the password (because it's expired), the "OK" button is grayed
out... even after filling in the "Current Password", "New Password" and
"New Password again" fields. Pressing "Enter" doesn't do anything.

This means even though there are fields to change the password, there's no
way to get the dialog to accept the change.
[petesea@bigfoot.com - Mon Sep 25 21:04:47 2006]:

> If the NIM "Obtain new credentials" dialog is displayed in the mode for
> changing the password (because it's expired), the "OK" button is grayed
> out... even after filling in the "Current Password", "New Password" and
> "New Password again" fields. Pressing "Enter" doesn't do anything.
>
> This means even though there are fields to change the password, there's no
> way to get the dialog to accept the change.

This dialog was significantly re-written since last Friday. I can't
replicate this behavior. Please, on Tuesday, obtain a new build and
verify that this is still a problem.
From: petesea@bigfoot.com
Date: Tue, 26 Sep 2006 17:51:24 -0700 (Pacific Daylight Time)
Subject: Re: [krbdev.mit.edu #4333] KfW 3.1 beta 2: NIM change password dialog OK is grayed out
To: Jeffrey Altman via RT <rt-kfw@krbdev.mit.edu>
RT-Send-Cc:
On Mon, 25 Sep 2006, Jeffrey Altman via RT wrote:

> [petesea@bigfoot.com - Mon Sep 25 21:04:47 2006]:
>
>> If the NIM "Obtain new credentials" dialog is displayed in the mode for
>> changing the password (because it's expired), the "OK" button is grayed
>> out... even after filling in the "Current Password", "New Password" and
>> "New Password again" fields. Pressing "Enter" doesn't do anything.
>>
>> This means even though there are fields to change the password, there's
>> no way to get the dialog to accept the change.
>
> This dialog was significantly re-written since last Friday. I can't
> replicate this behavior. Please, on Tuesday, obtain a new build and
> verify that this is still a problem.

Downloaded the newest version (twice to be sure):

https://www.secure-endpoints.com/_private/fnal/kfw-3-1-0-pre-beta-2.exe

Verified the MD5 checksum... and installed it.

I'm still seeing the same behavior described above.

Here's my testing procedure:

- Testing on Windows 2K (5.00.2195) Service Pack 4
- KDC using krb5-1.4.3 on Redhat 7.1
- run .exe installer (select Client only)
- set "modprinc +needchange PRINCIPAL" before starting NIM
- PRINCIPAL is NOT the same as Windows user
- Start NIM
- New Credentials (System tray -> right click -> New Credentials)
- Change "Username" from Windows user to PRINCIPAL
- "Obtain new credentials" dialog shows "Click here to change password"
- Click "here" changes dialog to include new/old password prompts
- "Ok" is grayed out.... even after filling in password fields
- no way to remove dialog (see bug #4331)
Date: Tue, 26 Sep 2006 21:00:32 -0400
From: Jeffrey Altman <jaltman@mit.edu>
To: rt-kfw@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #4333] KfW 3.1 beta 2: NIM change password dialog OK is grayed out
RT-Send-Cc:
The Windows 2000 might be the important part. The Windows 2000
netidmgr is a different set of binaries than the version for the
rest of the platforms due to lack of required functionality in
the Windows 2000 custom controls library.
From: petesea@bigfoot.com
Date: Tue, 26 Sep 2006 19:43:33 -0700 (Pacific Daylight Time)
Subject: Re: [krbdev.mit.edu #4333] KfW 3.1 beta 2: NIM change password dialog OK is grayed out
To: Jeffrey Altman via RT <rt-kfw@krbdev.mit.edu>
RT-Send-Cc:
On Tue, 26 Sep 2006, Jeffrey Altman via RT wrote:

> The Windows 2000 might be the important part. The Windows 2000 netidmgr
> is a different set of binaries than the version for the rest of the
> platforms due to lack of required functionality in the Windows 2000
> custom controls library.

I just installed it on an XP Pro box (Version 2002 Service Pack 2)... same
results.

The "Ok" button is grayed out and doesn't do anything even after filling
in the password fields. The only option is the "Cancel" button which goes
to a form with only the "Username" and "Realm" fields, no "Password"
field. The "Ok" button is active on this form, but doesn't do anything...
neither does the "Cancel" button.
Date: Tue, 26 Sep 2006 23:07:26 -0400
From: Jeffrey Altman <jaltman@mit.edu>
To: rt-kfw@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #4333] KfW 3.1 beta 2: NIM change password dialog OK is grayed out
RT-Send-Cc:
petesea@bigfoot.com via RT wrote:
> On Tue, 26 Sep 2006, Jeffrey Altman via RT wrote:
>
>> The Windows 2000 might be the important part. The Windows 2000 netidmgr
>> is a different set of binaries than the version for the rest of the
>> platforms due to lack of required functionality in the Windows 2000
>> custom controls library.
>
> I just installed it on an XP Pro box (Version 2002 Service Pack 2)... same
> results.
>
> The "Ok" button is grayed out and doesn't do anything even after filling
> in the password fields. The only option is the "Cancel" button which goes
> to a form with only the "Username" and "Realm" fields, no "Password"
> field. The "Ok" button is active on this form, but doesn't do anything...
> neither does the "Cancel" button.

I am very confused. The behavior that I observe is as follows:

* Open New Credentials dialog

* Enter username and realm of expired principal

* Enter password of expired principal and press "Ok"

* New Credentials dialog is redrawn to include:

- Username
- Realm
- "Password expired. You must change it now."
- Enter new password
- Enter it again
- Credentials box with links
- [Ok] [Cancel] [Options]

where the Ok button is the default.

The bug I see is that when you enter in the new password twice
that the old password is lost and the user is presented an
incorrect password error dialog with a [Close] button.

Clearing the error dialog returns you to the original New credentials
dialog.

Jeffrey Altman
Date: Tue, 26 Sep 2006 23:18:22 -0400
From: Jeffrey Altman <jaltman@mit.edu>
To: rt-kfw@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #4333] KfW 3.1 beta 2: NIM change password dialog OK is grayed out
RT-Send-Cc:
In the "Credentials" window of the New Credentials dialog does the
first line read "Selected identity: PRINCIPAL (Checking)" in gray
text?

There may be a race condition if you open the New Credentials
dialog before all of the automatic credential renewal operations
complete.
From: petesea@bigfoot.com
Date: Tue, 26 Sep 2006 22:54:05 -0700 (Pacific Daylight Time)
Subject: Re: [krbdev.mit.edu #4333] KfW 3.1 beta 2: NIM change password dialog OK is grayed out
To: Jeffrey Altman via RT <rt-kfw@krbdev.mit.edu>
RT-Send-Cc:
I have a theory.... I think the difference has to do with if the Identity
exists or not... meaning it's defined in the registry. If the Identity
does NOT exist, which will be the case if the password is disabled the
first time the NIM sees the principal, then I think you'll see the
behavior I describe.

I'll send a Word doc with screen shots directly to your other email
address... not sure how well your RT system handles attachments... I know
OUR RT system doesn't handle them very well.

On Tue, 26 Sep 2006, Jeffrey Altman via RT wrote:

> petesea@bigfoot.com via RT wrote:
>> On Tue, 26 Sep 2006, Jeffrey Altman via RT wrote:
>>
>>> The Windows 2000 might be the important part. The Windows 2000 netidmgr
>>> is a different set of binaries than the version for the rest of the
>>> platforms due to lack of required functionality in the Windows 2000
>>> custom controls library.
>>
>> I just installed it on an XP Pro box (Version 2002 Service Pack 2)... same
>> results.
>>
>> The "Ok" button is grayed out and doesn't do anything even after filling
>> in the password fields. The only option is the "Cancel" button which goes
>> to a form with only the "Username" and "Realm" fields, no "Password"
>> field. The "Ok" button is active on this form, but doesn't do anything...
>> neither does the "Cancel" button.
>
> I am very confused. The behavior that I observe is as follows:
>
> * Open New Credentials dialog
>
> * Enter username and realm of expired principal
>
> * Enter password of expired principal and press "Ok"
>
> * New Credentials dialog is redrawn to include:
>
> - Username
> - Realm
> - "Password expired. You must change it now."
> - Enter new password
> - Enter it again
> - Credentials box with links
> - [Ok] [Cancel] [Options]
>
> where the Ok button is the default.
>
> The bug I see is that when you enter in the new password twice
> that the old password is lost and the user is presented an
> incorrect password error dialog with a [Close] button.
>
> Clearing the error dialog returns you to the original New credentials
> dialog.
>
> Jeffrey Altman
>
Date: Wed, 27 Sep 2006 05:56:50 -0400
From: Jeffrey Altman <jaltman@mit.edu>
To: rt-kfw@krbdev.mit.edu
Subject: Re: [krbdev.mit.edu #4333] KfW 3.1 beta 2: NIM change password dialog OK is grayed out
RT-Send-Cc:
petesea@bigfoot.com via RT wrote:
> I have a theory.... I think the difference has to do with if the Identity
> exists or not... meaning it's defined in the registry. If the Identity
> does NOT exist, which will be the case if the password is disabled the
> first time the NIM sees the principal, then I think you'll see the
> behavior I describe.
>
> I'll send a Word doc with screen shots directly to your other email
> address... not sure how well your RT system handles attachments... I know
> OUR RT system doesn't handle them very well.

I've already tested this theory by creating new principals in the KDC
and expiring the passwords on creation.

Having received the zip file from you I'm suspecting that the issue is
the error code returned by the KDC. I think it is different in your
revision of the KDC than the one I am running.