starred/the-bastion
1
0
Fork 0
mirror of https://github.com/ovh/the-bastion.git synced 2026-05-09 08:25:27 +02:00
Code Issues 46 Projects Packages Wiki Activity

[GH-ISSUE #329] Expired (TTL-wise) accounts do expire but it's not shown on accountInfo #83

New issue
Closed
opened 2026-05-07 00:18:33 +02:00 by BreizhHardware · 2 comments
BreizhHardware commented 2026-05-07 00:18:33 +02:00
Owner
Copy link

Originally created by @speed47 on GitHub (Jul 15, 2022).
Original GitHub issue: https://github.com/ovh/the-bastion/issues/329

see https://github.com/ovh/the-bastion/issues/313#issuecomment-1184158231

Originally created by @speed47 on GitHub (Jul 15, 2022). Original GitHub issue: https://github.com/ovh/the-bastion/issues/329 see https://github.com/ovh/the-bastion/issues/313#issuecomment-1184158231
BreizhHardware 2026-05-07 00:18:33 +02:00
  • closed this issue
  • added the
    bug
         label
BreizhHardware commented 2026-05-07 00:18:34 +02:00
Author
Owner
Copy link

@speed47 commented on GitHub (Jul 15, 2022):

slesimpl@dev(master)> adminSudo -- --sudo-as expi30sec --sudo-cmd info
╭──ac777d06bec9───────────────────────────────────────the-bastion-3.09.00-rc3───
│ ▶ launching a bastion command or connection, impersonating another user
├───────────────────────────────────────────────────────────────────────────────
│ ❗ ADMIN SUDO: slesimpl, you'll now impersonate expi30sec, this has been logged.
│ 
│ ⛔ Sorry expi30sec, your account has expired.
│ Command exited with status 121
╰────────────────────────────────────────────────────────────────</adminSudo>───
slesimpl@dev(master)> accountInfo --account expi30sec
╭──ac777d06bec9───────────────────────────────────────the-bastion-3.09.00-rc3───
│ ▶ account information
├───────────────────────────────────────────────────────────────────────────────
│ This account has access to the following restricted commands:
│ (none)
│ 
│ This account is active
│ This account is not expired
│ As a consequence, this account can connect to this bastion

The terminology here can be confusing, we need to change that.
In the context of accountInfo:

<!-- gh-comment-id:1185391407 --> @speed47 commented on GitHub (Jul 15, 2022): ``` slesimpl@dev(master)> adminSudo -- --sudo-as expi30sec --sudo-cmd info ╭──ac777d06bec9───────────────────────────────────────the-bastion-3.09.00-rc3─── │ ▶ launching a bastion command or connection, impersonating another user ├─────────────────────────────────────────────────────────────────────────────── │ ❗ ADMIN SUDO: slesimpl, you'll now impersonate expi30sec, this has been logged. │ │ ⛔ Sorry expi30sec, your account has expired. │ Command exited with status 121 ╰────────────────────────────────────────────────────────────────</adminSudo>─── slesimpl@dev(master)> accountInfo --account expi30sec ╭──ac777d06bec9───────────────────────────────────────the-bastion-3.09.00-rc3─── │ ▶ account information ├─────────────────────────────────────────────────────────────────────────────── │ This account has access to the following restricted commands: │ (none) │ │ This account is active │ This account is not expired │ As a consequence, this account can connect to this bastion ``` The terminology here can be confusing, we need to change that. In the context of `accountInfo`: - `active` is whether this account has been declared active or inactive by an external system, if such policy is enabled (see https://ovh.github.io/the-bastion/administration/configuration/bastion_conf.html#accountexternalvalidationprogram) - `expired` is whether this account has logged-in recently enough to not be auto-expired, if such policy is enabled (https://ovh.github.io/the-bastion/administration/configuration/bastion_conf.html#accountmaxinactivedays) - The TTL status is not shown here, it should be. This also means that the sentence `this account can connect to this bastion` is incorrect in this case, as the TTL has expired, and in effect the account can not connect.
BreizhHardware commented 2026-05-07 00:18:34 +02:00
Author
Owner
Copy link

@speed47 commented on GitHub (Sep 21, 2022):

Merged and released in v3.09.00

<!-- gh-comment-id:1253505375 --> @speed47 commented on GitHub (Sep 21, 2022): Merged and released in v3.09.00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
expifix
groupcreate_fix_uid
fix_group_gid_fast
gh-pages
clush
expiration
jsonvalidator
v3.23.01
v3.23.00
v3.22.00
v3.21.00
v3.20.00
v3.19.01
v3.19.00
v3.18.99-rc1
v3.18.00
v3.17.01
v3.17.00
v3.16.99-rc3
v3.16.99-rc2
v3.16.99-rc1
v3.16.01
v3.16.00
v3.15.00
v3.14.16
v3.14.15
v3.14.00
v3.13.01
v3.13.00
v3.12.00
v3.11.02
v3.11.01
v3.11.00
v3.10.00
v3.09.02
v3.09.00-really
v3.09.00
v3.09.00-rc3
v3.09.00-rc2
v3.09.00-rc1
v3.08.01
v3.08.00
v3.07.00
v3.06.00
v3.05.01
v3.05.00
v3.04.00
v3.03.99-rc2
v3.03.99-rc1
v3.03.01
v3.03.00
v3.02.00
v3.01.99-rc4
v3.01.99-rc3
v3.01.99-rc2
v3.01.99-rc1
v3.01.03
v3.01.02
v3.01.01
v3.01.00
v3.00.02
v3.00.01
v3.00.00
Labels
Clear labels   
answered

   
bug

   
documentation

   
enhancement

   
enhancement

   
feature

   
feature

   
kept-open-for-info

   
pull-request
Mirrored from GitHub Pull Request

  
question
No labels
answered
bug
documentation
enhancement
enhancement
feature
feature
kept-open-for-info
pull-request
question
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/the-bastion#83
No description provided.