RHEL-72513

Active user is not able to authenticate if same username Staged user exists

    • Bug
    • Resolution: Duplicate
    • rhel-9.5
    • ipa
    • No
    • Important
    • rhel-sst-idm-ipa
    • ssg_idm
    • False

      What were you trying to do that didn't work?

      IdM user is not able to authenticate, if a Stage User with identical username exists.

      What is the impact of this issue to you?

      IdM user is not able to authenticate

      Please provide the package NVR for which the bug is seen:

      ipa-server-4.12.2-1.el9_5.2.x86_64

      How reproducible is this bug?:

      100%

      If a stage user is created first, and an active user is created later, the active user will fail to authenticate.

      krb5kdc[4323](info): AS_REQ (<...>) 10.74.209.58: CLIENT LOCKED OUT: bob@<...>.REDHAT.COM for krbtgt/<...>.REDHAT.COM@<...>.REDHAT.COM, Client's credentials have been revoked

      If an active user is created first, and a stage user is created subsequently, the active user will be able to authenticate without issue.

      Steps to reproduce

      1. ipa stageuser-add --first=Bob --last=StageUser bob
      2. ipa user-add --first=Bob --last=ActiveUser bob --password
      3. kinit bob

      Expected results

      User is able to authenticate

      Actual results

      User is unable to authenticate, unless the stage user is deleted.

              frenaud@redhat.com Florence Renaud
              rhn-support-suwu Sunny Wu
              Florence Renaud
              Sudhir Menon
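A check an IdM administrator could run for the condition described in this report, as an added example that is not part of the original issue or of the ipa project's code: it lists logins that exist as both a stage user and an active user, and which of those also appear in krb5kdc "CLIENT LOCKED OUT" lines. The function names, sample listings, realm EXAMPLE.TEST and addresses are constructed; it assumes the "User login:" label in `ipa user-find --pkey-only` and `ipa stageuser-find --pkey-only` output.

```shell
#!/bin/sh
# Added example (not from the original report): find logins that exist as both
# a stage user and an active user, then see which of them the KDC locked out.
# Live use on an enrolled host with an admin ticket (default KDC log path assumed):
#   collision_lockouts "$(ipa stageuser-find --pkey-only --sizelimit=0)" \
#       "$(ipa user-find --pkey-only --sizelimit=0)" "$(cat /var/log/krb5kdc.log)"

# Logins from `ipa ...-find --pkey-only` output (assumes the "User login:" label).
extract_logins() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*User login:[[:space:]]*//p' | sort -u
}

# Logins named in "CLIENT LOCKED OUT" lines of krb5kdc log text.
locked_out_logins() {
    printf '%s\n' "$1" | sed -n 's/.*CLIENT LOCKED OUT: \([^@ ]*\)@.*/\1/p' | sort -u
}

# Print values that appear in both newline-separated lists.
intersect() {
    { printf '%s\n' "$1" | sed 's/^/a /'; printf '%s\n' "$2" | sed 's/^/b /'; } |
        awk '$1 == "a" && $2 != "" { seen[$2] = 1 }
             $1 == "b" && seen[$2] { print $2 }' | sort -u
}

find_login_collisions() {   # $1 = stageuser-find output, $2 = user-find output
    intersect "$(extract_logins "$1")" "$(extract_logins "$2")"
}

# Colliding logins that also show a lockout: candidates for this bug.
collision_lockouts() {      # $1, $2 as above, $3 = krb5kdc log text
    intersect "$(find_login_collisions "$1" "$2")" "$(locked_out_logins "$3")"
}

# Constructed sample data; realm and addresses are placeholders.
SAMPLE_STAGED='  User login: bob
  User login: carol'
SAMPLE_ACTIVE='  User login: admin
  User login: alice
  User login: bob'
# alice is locked out too, but has no stage user, so she is not reported.
SAMPLE_KDC_LOG="krb5kdc[4323](info): AS_REQ (...) 192.0.2.10: CLIENT LOCKED OUT: bob@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Client's credentials have been revoked
krb5kdc[4323](info): AS_REQ (...) 192.0.2.11: CLIENT LOCKED OUT: alice@EXAMPLE.TEST for krbtgt/EXAMPLE.TEST@EXAMPLE.TEST, Client's credentials have been revoked"

find_login_collisions "$SAMPLE_STAGED" "$SAMPLE_ACTIVE"
collision_lockouts "$SAMPLE_STAGED" "$SAMPLE_ACTIVE" "$SAMPLE_KDC_LOG"
```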