"Your account is disabled" error with Kerberos authentication in Juniper

mbrdlove · June 3, 2020, 6:52pm

Hi, everyone. There’s a ticket and a commit from February, 2019 that tried to solve a problem with people logging in to disabled accounts by forbidding logins where passwords are disabled on the accounts:

Since we use Kerberos authentication, however, we have some legitimate accounts that have no passwords, resulting in spurious “Your account is disabled” errors. We solved this issue locally with a patch that basically reverses the commit above.

How should I follow up with this? Should I make a new ticket (if so, can you advise me on which tracker to use?), or does someone want to reopen the old ticket?

blarghmatey · June 9, 2020, 8:51pm

@nedbat this might be a candidate for a fix in a Juniper.2 if there are other folks who are using SSO only login setups.

nedbat · June 9, 2020, 10:55pm

You can make a CRI Jira issue if you think this needs attention in Juniper. But reverting a commit for Juniper doesn’t seem like a good long-term fix.

Topic		Replies	Views
In Juniper.2 After succesfull login (in log) returns to main page and exits Site Operations Help	4	902	August 27, 2020
Sustaining security fixes 2 Security	0	400	August 13, 2020
Juniper Alpha standard accounts Site Operations Help juniper	4	876	January 29, 2020
JUNIPER.MASTER - Fresh Install: Forbidden (CSRF cookie not set.): /change_enrollment Site Operations Help	11	3033	September 3, 2020
Security patch for xss fixes Security	1	506	July 23, 2020

"Your account is disabled" error with Kerberos authentication in Juniper

Related Topics