Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-121981

Setting password history count to 0 does not flush history

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • None
    • rhel-10.1
    • 389-ds-base
    • None
    • None
    • Moderate
    • rhel-idm-ds
    • None
    • False
    • False
    • Hide

      None

      Show
      None
    • None
    • None
    • None
    • None
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      Setting password history count to 0 should flush all passwords stored in the history

      Package version:

      389-ds-base-3.1.3-5.el10_1.x86_64

      Steps to reproduce

      1. Enable global password history
      2. Set password history count to e. g. 2,
      3. Fill a user's password history with values, e.g. password1, password2
      4. Set password history count to 0 - only current password is blocked (e. g. password3)
      5. Set password history count to 2 again
      6. Check that any of the older passwords (password1, password2) are still usable

      Expected results

      It should be possible to set both password1 and password2, but not password3 (current password)

      Actual results

      Both password1 and password2 are blocked, the history is still populated by original values before changing password history count to 0

      Additional info

      Only applies to setting password history count to 0. Other cases (e.g. 3 -> 2) work properly.

              idm-ds-dev-bugs IdM DS Dev
              lryznaro@redhat.com Lenka Doudova
              IdM DS Dev IdM DS Dev
              IdM DS QE IdM DS QE
              Evgenia Martyniuk Evgenia Martyniuk
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: