Incorrect mapping for locked vs expired accounts with the krb provider

[sssd-bot]

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/2924

• Created at 2016-01-13 20:34:26 by simo
• Closed as Fixed
• Assigned to simo

---

Currently the krb provider maps KRB5KDC_ERR_CLIENT_REVOKED as ERR_ACCOUNT_EXPIRED.
This is incorrect as KRB5KDC_ERR_CLIENT_REVOKED is returned by the KDC when an acount lockut is in effect.
When an account is expired the kdc returns KRB5KDC_ERR_NAME_EXP.

Comments

---

Comment from simo at 2016-01-13 20:56:37

Fields changed

patch: 0 => 1

---

Comment from jhrozek at 2016-01-14 13:54:46

Fields changed

owner: somebody => simo

---

Comment from jhrozek at 2016-01-14 16:33:27

Fields changed

rhbz: => 0

---

Comment from jhrozek at 2016-01-14 16:48:03

Fields changed

milestone: NEEDS_TRIAGE => SSSD 1.14 alpha

---

Comment from jhrozek at 2016-01-14 18:36:29

• master: 19e4453

resolution: => fixed
status: new => closed

---

Comment from simo at 2017-02-24 15:03:23

Metadata Update from @Simo:

• Issue assigned to simo
• Issue set to the milestone: SSSD 1.14 alpha