"Your account is disabled" error with Kerberos authentication in Juniper

Hi, everyone. There’s a ticket and a commit from February, 2019 that tried to solve a problem with people logging in to disabled accounts by forbidding logins where passwords are disabled on the accounts:

Since we use Kerberos authentication, however, we have some legitimate accounts that have no passwords, resulting in spurious “Your account is disabled” errors. We solved this issue locally with a patch that basically reverses the commit above.

How should I follow up with this? Should I make a new ticket (if so, can you advise me on which tracker to use?), or does someone want to reopen the old ticket?

@nedbat this might be a candidate for a fix in a Juniper.2 if there are other folks who are using SSO only login setups.

1 Like

You can make a CRI Jira issue if you think this needs attention in Juniper. But reverting a commit for Juniper doesn’t seem like a good long-term fix.