directory-dev mailing list archives

From "Warren Rogers (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (DIRSERVER-2210) Password policy pwdMinAge check should check for required reset
Date Thu, 21 Sep 2017 20:26:00 GMT

    [ https://issues.apache.org/jira/browse/DIRSERVER-2210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16175401#comment-16175401 ]

Warren Rogers commented on DIRSERVER-2210:
------------------------------------------

Within AuthenticationInterceptor, line 1552, the check is:
{code:java}
if ( policyConfig.isPwdMustChange() && userSession.isPwdMustChange() )
{
    return false;
}
{code}

userSession.isPwdMustChange seems to be the wrong object to ask for, because we should be
looking for pwdReset.  PwdMustChange is a policy attribute and not a user attribute and this
does not appear to be set anywhere for the isPwdTooYoung method to use.  So, it's null, which
means this method will never return false for pwdReset: TRUE.


> Password policy pwdMinAge check should check for required reset
> ---------------------------------------------------------------
>
>                 Key: DIRSERVER-2210
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2210
>             Project: Directory ApacheDS
>          Issue Type: Bug
>          Components: core
>            Reporter: Warren Rogers
>
> This JIRA is for a regression of DIRSERVER-1932.
> The test given in the previous JIRA has recently been changed so that the min age is 1 second, so if the test takes 1.1 seconds, it will pass.  The previous age was 5 seconds.  I would figure this should be even greater to make sure the test process finishes each step.  I would suggest 30 seconds to probably several minutes.
> We are having issues when an admin resets a user's password: they cannot reset their password because pwdMinAge is 24 hours and the password change is rejected because the password is too young.
> I'm still scanning the source code for the specific area causing the issue; if I find it, I'll submit a patch (or merge request).  But thought I'd at least get this issue back on the radar.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
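
The behaviour the comment above argues for, as an added Java example (not ApacheDS code and not part of the original message): the pwdMinAge check consults pwdReset on the user's entry together with pwdMustChange from the policy. The `Policy` and `UserEntry` records and this `isPwdTooYoung` signature are hypothetical stand-ins, the sample times are constructed, and records need Java 16 or later.

```java
import java.time.Duration;
import java.time.Instant;

public class PwdMinAgeCheck {
    // Hypothetical stand-ins for the policy entry and the user entry (not ApacheDS types).
    record Policy(Duration pwdMinAge, boolean pwdMustChange) {}
    record UserEntry(Instant pwdChangedTime, boolean pwdReset) {}

    /** True when a user-initiated password change must be rejected as "too young". */
    static boolean isPwdTooYoung(Policy policy, UserEntry user, Instant now) {
        // pwdMustChange is read from the policy, pwdReset from the user's entry.
        // When both are set (the state after an admin reset), the user is required
        // to change the password, so the minimum-age restriction is waived.
        if (policy.pwdMustChange() && user.pwdReset()) {
            return false;
        }
        // No minimum age configured, or no recorded change time: nothing to enforce.
        if (policy.pwdMinAge().isZero() || user.pwdChangedTime() == null) {
            return false;
        }
        Instant earliestChange = user.pwdChangedTime().plus(policy.pwdMinAge());
        return now.isBefore(earliestChange);
    }

    public static void main(String[] args) {
        Instant now = Instant.parse("2017-09-21T20:26:00Z"); // constructed sample time
        Policy policy = new Policy(Duration.ofHours(24), true);
        Instant fiveMinutesAgo = now.minus(Duration.ofMinutes(5));

        // Constructed sample entries covering the three cases in the report.
        UserEntry afterAdminReset = new UserEntry(fiveMinutesAgo, true);
        UserEntry afterOwnChange = new UserEntry(fiveMinutesAgo, false);
        UserEntry oldPassword = new UserEntry(now.minus(Duration.ofDays(2)), false);

        System.out.println("after admin reset: " + isPwdTooYoung(policy, afterAdminReset, now));
        System.out.println("after own change:  " + isPwdTooYoung(policy, afterOwnChange, now));
        System.out.println("2-day-old password: " + isPwdTooYoung(policy, oldPassword, now));
    }
}
```

A regression test for this case should use a pwdMinAge well above the test's run time, as the issue description suggests, so that the admin-reset path is what lets the change through rather than the clock.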
