GNOME Bugzilla – Bug 699293
Handle case in in user panel where enterprise login needs password change
Last modified: 2013-05-06 12:32:11 UTC
When adding a newly created (in the domain) FreeIPA or AD user via the user panel as an enterprise login, it's likely that user will need to change password at first login. This means we can't use their credentials to join the domain. So instead of complaining, we should just fall through to prompting for admin credentials, as we currently do if the user did not have permission to join the machine to the domain on their own.
Created attachment 242892 [details] [review] user-accounts: When enterprise account disabled, join as admin When an enterprise login user account is disabled, or needs to have its password change, just prompt for the administrator to do the join to the domain. This is exactly the same fall through as if the user does not have permission to join a machine to a domain.
Created attachment 242893 [details] [review] user-accounts: When enterprise account disabled, join as admin When an enterprise login user account is disabled, or needs to have its password change, just prompt for the administrator to do the join to the domain. This is exactly the same fall through as if the user does not have permission to join a machine to a domain.
Discovered during Fedora test days. Downstream Fedora bug is here: https://bugzilla.redhat.com/show_bug.cgi?id=955691
Patch tested on gnome-3-8 branch, applies to master as well.
Ondrej, do you have time to review this change? I'd like to get it in by Monday, in preparation for an upcoming AD test day.
Review of attachment 242893 [details] [review]: ::: panels/user-accounts/um-realm-manager.c @@ +825,3 @@ + case KRB5_PROG_ETYPE_NOSUPP: + g_simple_async_result_set_error (async, UM_REALM_ERROR, UM_REALM_ERROR_CANNOT_AUTH, + _("Cannot log in as %s at the %s domain"), Is that going to be a user-visible error? If not, remove the string for gnome-3-8.
(In reply to comment #6) > Review of attachment 242893 [details] [review]: > > ::: panels/user-accounts/um-realm-manager.c > @@ +825,3 @@ > + case KRB5_PROG_ETYPE_NOSUPP: > + g_simple_async_result_set_error (async, UM_REALM_ERROR, > UM_REALM_ERROR_CANNOT_AUTH, > + _("Cannot log in as %s at the > %s domain"), > > Is that going to be a user-visible error? If not, remove the string for > gnome-3-8. It's an exact copy of the string above. That should be fine as far as string freeze, no?
I didn't realise that. Looks good then.
Attachment 242893 [details] pushed as 2271a78 - user-accounts: When enterprise account disabled, join as admin
Pushed to master as well