Skip Menu |
 

From: "Machin, Glenn D" <GMachin@sandia.gov>
Subject: When doing a kdb5_util load with ldap backend the password expiration date is not loading
Date: Thu, 5 Mar 2020 18:51:32 +0000
To: "krb5-bugs@mit.edu" <krb5-bugs@mit.edu>

Identified the problem to be not setting KADM5_PW_EXPIRATION in the db entry mask.

 

krb5-1.17/src/kadmin/dbutil/dump.c

 

process_k5beta7_princ()

 

Add KADM5_PW_EXPIRATION to mask:

 

Change:

dbentry->mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |

        KADM5_MAX_LIFE | KADM5_MAX_RLIFE |

        KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |

        KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT;

 

To:

 

dbentry->mask = KADM5_LOAD | KADM5_PRINCIPAL | KADM5_ATTRIBUTES |

        KADM5_MAX_LIFE | KADM5_MAX_RLIFE |

        KADM5_PRINC_EXPIRE_TIME | KADM5_LAST_SUCCESS |

        KADM5_LAST_FAILED | KADM5_FAIL_AUTH_COUNT | KADM5_PW_EXPIRATION;

 

Subject: git commit
From: ghudson@mit.edu

Set pw_expiration during LDAP load

When loading a principal entry in process_k5beta7_princ(), set the
KADM5_PW_EXPIRATION mask bit so that the password expiration time is
set on the principal entry. Add a regression test.

Reported (with fix) by Glenn Machin.

https://github.com/krb5/krb5/commit/778d3fd9de50ab0c87cf0031e1dd24a8ec4bd552
Author: Greg Hudson <ghudson@mit.edu>
Commit: 778d3fd9de50ab0c87cf0031e1dd24a8ec4bd552
Branch: master
src/kadmin/dbutil/dump.c | 2 +-
src/tests/t_kdb.py | 8 +++++++-
2 files changed, 8 insertions(+), 2 deletions(-)