GNOME Bugzilla – Bug 572246
Incorrect notification when account locked in AD
Last modified: 2018-01-10 21:09:24 UTC
Please describe the problem: I bumped into this one when my AD account got locked and krb5-auth-dialog was about to renew the credentials. Because the account was locked, the ticket was not renewed. However, krb5-auth-dialog still said "Your Kerberos credentials have been refreshed.". I think this may be related to the fact that remaining, as calculated in ka_update_status() function from creds_expiry will still be > 0 (because the old ticket is kept). Maybe we should also pass the status of renewal to ka_update_status(), so that we don't incorrectly notify that ticket has been renewed. Steps to reproduce: 1. Configure krb5 authentication against AD. 2. Lock your account (usually, 3 successive attempts to login with wrong pwd). 3. Do this 1/2 hour before ticket expiry and see what krb5-auth-dialog does. Actual results: User is notified that ticket has been refreshed. Expected results: User should be told that refresh process did not end successfully. Does this happen every time? Yes. Other information:
-- GitLab Migration Automatic Message -- This bug has been migrated to GNOME's GitLab instance and has been closed from further activity. You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/GNOME/krb5-auth-dialog/issues/2.