config-files/base-files-config
Carmen Rata 2671d8e863 Remove password-expiration-check script
This commit removes the implementation for ldap user password expiry
done in commit 13d31e8184.
This is because it is getting replaced by an sssd password expiration
control implementation. The sssd solution also fixes a bug in the
previous implementation to allow password expiration detection to work
for ldap users logging in a subcloud. In the sssd solution the warning
in advance of the password expiration is more precise, giving the
number of hours if there is only a day to expiry and the number of
minutes if there is less than an hour to expiry.

Test Plan:
PASS: Verify SSSD configuration in "/etc/sssd/sssd.conf" gets
updated with password expiration configuration.
PASS: Create a local openldap user using "ldapusersetup" utility
and set the "shadowMax" attribute for the user password to expire
in 2 days. The ldap user attribute "shadowMax" gives the maximum
number of days that a shadow password is valid.
PASS: Use the command "date" to set the time in the future to get
the password to expire (e.g. date -s "Tue Aug 10 06:33:37 UTC 2023").
PASS: Execute ssh using the ldap user you have just created.
A message saying the password was expired should be displayed and
a prompt to change the password would follow up.
PASS: After the password was updated try to login the user again
using the new password and should succeed.
PASS: Verify that a warning saying that the user's password expired
and needs to be renewed appears in "/var/log/auth.log"
(e.g. "pam_sss(sshd:account): Access denied for user testuser1: 12
(Authentication token is no longer valid; new one required)").
PASS: Verify that a password expiration warning occurs at login time,
before the password actually expires. Examples: "Your password will
expire in 1 day(s)." or "Your password will expire in 45 minute(s).".
Use real time for this test instead of artificially modifying the
date.
PASS: Verify the password expiration warning occurs according to the
configuration of the ldap user account.
PASS: Check that script "/etc/profile.d/password-expiration-check.sh"
does not exist.
PASS: Verify ldap user password expiration in an AIO-SX and a subcloud
of a DC system.

Closes-Bug: 2029425

Signed-off-by: Carmen Rata <carmen.rata@windriver.com>
Change-Id: I12936f8fccf04e5c673844457528982c4bf57018
2023-08-14 12:59:19 +00:00
debian Remove password-expiration-check script 2023-08-14 12:59:19 +00:00
source Remove password-expiration-check script 2023-08-14 12:59:19 +00:00
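
The "/var/log/auth.log" check from the test plan above can be scripted. The following is an added example, not code from this commit or the project: it picks out pam_sss account-phase denials whose PAM code is 12 (password expired, change required) and keeps them apart from other denials. The log lines are constructed; the timestamps, host name, PIDs, addresses and the users testuser2 and testuser3 are assumptions.

```python
import re
from collections import Counter

# Linux-PAM code 12 (PAM_NEW_AUTHTOK_REQD): password expired, change required.
PAM_NEW_AUTHTOK_REQD = 12

# pam_sss account-phase denial, in the format quoted in the test plan.
DENIED = re.compile(
    r"pam_sss\((?P<service>[^:)]+):account\): Access denied for user "
    r"(?P<user>\S+): (?P<code>\d+) \((?P<reason>[^)]*)\)"
)

# Constructed sample lines (not captured from a real system).
SAMPLE_LOG = """\
2023-08-10T06:34:02 controller-0 sshd[4121]: pam_sss(sshd:auth): authentication success; logname= uid=0 euid=0 tty=ssh ruser= rhost=10.0.0.5 user=testuser1
2023-08-10T06:34:02 controller-0 sshd[4121]: pam_sss(sshd:account): Access denied for user testuser1: 12 (Authentication token is no longer valid; new one required)
2023-08-10T06:35:40 controller-0 sshd[4188]: pam_sss(sshd:account): Access denied for user testuser2: 6 (Permission denied)
2023-08-10T06:36:11 controller-0 sshd[4203]: pam_sss(sshd:account): Access denied for user testuser1: 12 (Authentication token is no longer valid; new one required)
2023-08-10T06:37:55 controller-0 su[4250]: pam_sss(su:account): Access denied for user testuser3: 12 (Authentication token is no longer valid; new one required)
"""


def account_denials(log_text):
    """Yield (service, user, code) for every pam_sss account-phase denial."""
    for line in log_text.splitlines():
        m = DENIED.search(line)
        if m:
            yield m.group("service"), m.group("user"), int(m.group("code"))


def expired_password_denials(log_text):
    """Return (service, user) for denials caused by an expired password."""
    return [(svc, user) for svc, user, code in account_denials(log_text)
            if code == PAM_NEW_AUTHTOK_REQD]


def other_denials(log_text):
    """Return (user, code) for account denials that are not password expiry."""
    return [(user, code) for _, user, code in account_denials(log_text)
            if code != PAM_NEW_AUTHTOK_REQD]


def expiry_denials_per_user(log_text):
    """Count expired-password denials per user, e.g. to spot repeated lockouts."""
    return Counter(user for _, user in expired_password_denials(log_text))


if __name__ == "__main__":
    for user, count in expiry_denials_per_user(SAMPLE_LOG).items():
        print(f"{user}: {count} expired-password denial(s)")
```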