directory-dev mailing list archives

From "Kiran Ayyagari (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-2051) Getting Password Expired Instead of Invalid Credentials
Date Wed, 01 Apr 2015 06:49:52 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-2051?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14390093#comment-14390093 ]

Kiran Ayyagari commented on DIRSERVER-2051:
-------------------------------------------

[~dpaulsen] Do you see any security implication if the error message provides the reason "password expired" in the error message?

I don't see any, and IMO it is informative to users without requiring them to decode the passwordpolicy response control.
Also, note that the detail about why the login was unsuccessful is already present in the ppolicy response control present in BindResponse.

> Getting Password Expired Instead of Invalid Credentials
> -------------------------------------------------------
>
>                 Key: DIRSERVER-2051
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2051
>             Project: Directory ApacheDS
>          Issue Type: Bug
>            Reporter: David Paulsen
>
> When I log in with invalid credentials AND the password is expired, I 
> would expect to get the invalid credentials error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: ERR_229 
> Cannot authenticate user 
> uid=admin,ou=DJPS1,ou=DVHead,dc=kewilltransport,dc=com
> Instead I get the password expired error:
> LDAPException: Invalid Credentials (49) Invalid Credentials
> LDAPException: Server Message: INVALID_CREDENTIALS: Bind failed: paasword 
> expired
> I would think we should get the invalid credentials error in that case.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
