SSSD should respect krbprincipalexpiration in IPA for any authentication method

[sssd-bot]

Cloned from Pagure issue: https://pagure.io/SSSD/sssd/issue/3049

• Created at 2016-06-20 15:34:46 by strikerttd
• Assigned to nobody

---

SSSD should respect krbprincipalexpiration in IPA for any authentication method. In a test, this attribute was not respected for SSH key based authentication by an IPA user to an IPA client machine. While this means that the user cannot open a ticket, they are still able to access the IPA client machine.

Comments

---

Comment from jhrozek at 2016-06-23 17:09:46

In the next version, we should fist list all the attributes currently used for account lockout or marking the account as disabled, then see which of those should sssd honour under which condition.

At least the first part should be done in the next upstream version, then we'll also know the scope of the changes better.

milestone: NEEDS_TRIAGE => SSSD 1.15 Beta

---

Comment from strikerttd at 2016-06-23 17:18:07

Enabled\Disabled Diff: https://paste.fedoraproject.org/383740/66950651/

Not sure if I understand this correctly. There seems to be no noticeable difference beyond uSNChanged and userAccountControl.

_comment0: Enabled\Disabled Diff:
https://paste.fedoraproject.org/383740/66950651/ => 1466695260313121

---

Comment from jhrozek at 2016-07-27 17:20:32

Fields changed

rhbz: => todo

---

Comment from strikerttd at 2017-02-24 14:22:17

Metadata Update from @strikerttd:

• Issue set to the milestone: SSSD 1.15.3

---

Comment from jhrozek at 2017-03-15 11:35:29

Metadata Update from @jhrozek:

• Custom field design_review reset
• Custom field mark reset
• Custom field patch reset
• Custom field review reset
• Custom field sensitive reset
• Custom field testsupdated reset
• Issue close_status updated to: None
• Issue set to the milestone: SSSD 1.15.4 (was: SSSD 1.15.3)

---

Comment from jhrozek at 2017-08-18 16:57:58

Metadata Update from @jhrozek:

• Custom field design_review reset (from false)
• Custom field mark reset (from false)
• Custom field patch reset (from false)
• Custom field review reset (from false)
• Custom field sensitive reset (from false)
• Custom field testsupdated reset (from false)
• Issue tagged with: cleanup-future

---

Comment from jhrozek at 2017-08-23 16:57:23

Metadata Update from @jhrozek:

• Custom field design_review reset (from false)
• Custom field mark reset (from false)
• Custom field patch reset (from false)
• Custom field review reset (from false)
• Custom field sensitive reset (from false)
• Custom field testsupdated reset (from false)
• Issue untagged with: cleanup-future
• Issue set to the milestone: SSSD Future releases (no date set yet) (was: SSSD 1.15.4)

---

Comment from thalman at 2020-03-13 11:39:01

Metadata Update from @thalman:

• Custom field design_review reset (from false)
• Custom field mark reset (from false)
• Custom field patch reset (from false)
• Custom field review reset (from false)
• Custom field sensitive reset (from false)
• Custom field testsupdated reset (from false)
• Issue tagged with: Future milestone

[andreboscatto]

Dear Contributor/User,

Recognizing the importance of addressing enhancements, bugs, and issues for the SSSD project's quality and reliability, we also need to consider our long-term goals and resource constraints.

After thoughtful consideration, regrettably, we are unable to address this request at this time. To avoid any misconception, we're closing it; however, we encourage continued collaboration and contributions from anyone interested.

We apologize for any inconvenience and appreciate your understanding of our resource limitations. While you're welcome to open a new issue (or reopen this one), immediate attention may not be guaranteed due to competing priorities.

Thank you once again for sharing your feedback. We look forward to ongoing collaboration to deliver the best possible solutions, supporting in any way we can.

Best regards,
André Boscatto