login_password did not work properly in timezones other than +0h because local time was compared with utc time.
Bug introduced in: https://fedorahosted.org/freeipa/ticket/4339 We should review other code for invalid usage of datetime.now() -- Petr Vobornik
From 0c60c536a7f91226fa0201568b2be99dba7b02c9 Mon Sep 17 00:00:00 2001 From: Petr Vobornik <pvobo...@redhat.com> Date: Tue, 24 Jun 2014 15:54:41 +0200 Subject: [PATCH] rpcserver: fix local vs utc time comparison login_password did not work properly in timezones other than +0h because local time was compared with utc time. Bug introduced in: https://fedorahosted.org/freeipa/ticket/4339 --- ipaserver/rpcserver.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py index 30b9746397636128c0edc3fb4d2ad7f7bdc22495..0838ad143c4c2ec9aa5fd7db3027b70ba6fa5a92 100644 --- a/ipaserver/rpcserver.py +++ b/ipaserver/rpcserver.py @@ -959,7 +959,7 @@ class login_password(Backend, KerberosSession, HTTP_Status): ['krbpasswordexpiration']) if 'krbpasswordexpiration' in entry_attrs: expiration = entry_attrs['krbpasswordexpiration'][0] - if expiration <= datetime.datetime.now(): + if expiration <= datetime.datetime.utcnow(): reason = 'password-expired' except Exception: -- 1.9.0
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel