Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 88190
Summary: | modifying a user created with shadow-utils causes passwd to expire in 0 days [has patch] | ||||||
---|---|---|---|---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | jmccann | ||||
Component: | redhat-config-users | Assignee: | Brent Fox <bfox> | ||||
Status: | CLOSED RAWHIDE | QA Contact: | |||||
Severity: | high | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | 9 | CC: | cschalle, flarg, joe, mark.post, mattdm | ||||
Target Milestone: | --- | ||||||
Target Release: | --- | ||||||
Hardware: | i686 | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2003-09-16 23:12:35 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
jmccann
2003-04-07 15:04:41 UTC
*** Bug 89758 has been marked as a duplicate of this bug. *** It's worse than that -- you don't actually have to change a group or anything. Just double click a user to open their userProperties window, and press okay, and the max password lifetime field will get set to zero if it was previously 99999. Here's what's going on: redhat-config-users has a check to see if password expiration is enabled. It does this by checking if both the password minimum lifetime and the password expiration warning time are set to anything but -1. If either of these has a different value -- and a different value is the /etc/login.defs default -- then it considers password expiration to be enabled. It also checks the password invalid field, but for some reason that I'm not clear on, this value can be either -1 or empty and either way, password expiration is considered active. (Not sure why this one is different -- the code in userProperties.py is the same as the others.) In each case, whenever the value is other than -1, the corresponding field in the password info tag is filled out with that value. If it *is* -1 (or null, in the case of invalid-days), it gets left at the default value of '0'. But then, it does something strange. It tries to make a fourth check, this time to see if password max lifetime is anything but 99999. In other words, the intention to disable password expiration if the four fields are set to -1:99999:-1:-1. Here's the flaw, though: when the value is the magic number 99999, the form field is never filled in! It's left at its default value of 0! This is fine when all the other fields are -1, since then password expiration is considered disabled, the form is greyed out, and nothing happens. But if the max lifetime *is* 99999 but any of the other fields are set, the form gets activated but the 99999 is written as 0, and then written out that way. Ooops! I tried changing the login.defs entries for PASS_MIN_DAYS and PASS_WARN_AGE to -1 as a workaround, but this doesn't work since that just causes the fields to be null. However, setting the default PASS_MAX_DAYS to 99998 *does* work, albeit in a sort of silly way. Of course, I'm not suggesting that kludge as a solution -- the right thing to do is to separate the filling out of the form fields from the logic to decide if expiration is active. (First decide, then set the form.) Created attachment 91549 [details]
moves form-fill to after is-expire-enabled check
Should be fixed in redhat-config-users-1.1.17-1. Long term, the UI in this notebook tab should be improved, but this fix should work in the meantime. *** Bug 101463 has been marked as a duplicate of this bug. *** |