Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1357550 - [AAA] User is allowed to change an expired pass using old pass as new
Summary: [AAA] User is allowed to change an expired pass using old pass as new
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: ovirt-engine
Classification: oVirt
Component: AAA
Version: 4.0.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: ---
: ---
Assignee: Ravi Nori
QA Contact: Gonza
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-07-18 13:35 UTC by Gonza
Modified: 2016-07-19 14:55 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-07-19 14:55:46 UTC
oVirt Team: Infra
rule-engine: planning_ack?
rule-engine: devel_ack?
rule-engine: testing_ack?


Attachments (Terms of Use)

Description Gonza 2016-07-18 13:35:20 UTC
Description of problem:
A user with an expired pass is allowed to update his pass using old pass as new

Version-Release number of selected component (if applicable):
rhevm-4.0.0.5-0.1.el7ev.noarch

How reproducible:
100%

Steps to Reproduce:
1. Login to userportal with expired pass user
2. Click on link to change pass and input old and new passwords then click "Change Password" button

Actual results:
Pass is update to old password

Expected results:
User is not allowed to use same password

Comment 1 Ravi Nori 2016-07-19 14:55:46 UTC
The password policies are not managed by Engine SSO and need to be set on the ldap server. Works as expected when proper password policies are in place.


Note You need to log in before you can comment on or make changes to this bug.