Re: [Fedora-directory-devel] Request for reviews and comments: [Bug 216983] New: Make random password generation work with policies

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Summary: Make random password generation work with policies


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983


------- Additional Comments From nhosoi@xxxxxxxxxx  2006-11-27 18:58 EST -------
Created an attachment (id=142247)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142247&action="">)
cvs diff (passwd_extop.c)

Thank you to Nathan for the review and the discussion!

As you suggested, I changed the code to randomly choose the rest of the specified
characters (characters specified by, e.g., minuppers or mindigits).  Also, I added 
error messages to log in the errors log as well as to return to the client.  Please 
take a look at the next attachment for the messages.

------- Additional Comments From nhosoi@xxxxxxxxxx  2006-11-27 19:04 EST -------
Created an attachment (id=142248)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142248&action="">)
generated password sample + error messages

Added error messages are for
1. when passwordMinCategories is 5, which expects the generated password to
include 8-bit character(s).  Password Generator does not support such a
password.
2. when passwordMin8Bit is set. 

Also, fixed the bug pointed out by Nathan in Comment#3.

Lastly, the generated password sequence looks more randomized!
Summary: Make random password generation work with policies

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983

Description of problem:
passwd_modify_generate_passwd (passwd_extop.c) always generates 8-bytes random
characters made by PK11_GenerateRandom and ldif_base64_encode.  It needs to
generate a password which follows the password policy if it's defined.

------- Additional Comments From nhosoi@xxxxxxxxxx  2006-11-27 14:18 EST -------
Created an attachment (id=142208)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142208&action="">)
cvs diff (passwd_extop.c)

File:
ldap/servers/slapd/passwd_extop.c

Changes:
1. Renamed passwd_modify_generate_passwd to
passwd_modify_generate_basic_passwd, which algorithm is used when no specific
password rule or just the minimum length is given.
2. If some other rules are set, passwd_modify_generate_policy_passwd is called
and generates a password which fulfills the requirement.

Note: this password generator does not support passwordMin8Bit.  If it
generates a password which includes 8-bit characters, most likely they won't be
able to be displayed or input from the users' keyboard.  We should note it in the
doc...

------- Additional Comments From nhosoi@xxxxxxxxxx  2006-11-27 14:21 EST -------
Created an attachment (id=142213)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142213&action="">)
generated password sample

Attached is the sample output from ldappasswd.    Do you think this quality of
the randomness satisfies the requirement? 


--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
[Index of Archives]     [Fedora Directory Announce]     [Fedora Users]     [Older Fedora Users Mail]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Review]     [Fedora Art]     [Fedora Music]     [Fedora Packaging]     [CentOS]     [Fedora SELinux]     [Big List of Linux Books]     [KDE Users]     [Fedora Art]     [Fedora Docs]

  Powered by Linux