Summary: Make random password generation work with policies

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983

------- Additional Comments From nhosoi@xxxxxxxxxx 2006-11-28 13:04 EST -------
Created an attachment (id=142311)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142311&action=view)
cvs diff (passwd_extop.c)

Final diff of passwd_extop.c which has been revised based upon Nathan's review.

Reviewed by Nathan (Thank you!!)

Checked in to HEAD

Commit message:
Resolves: #216983
Summary: Make random password generation work with policies
Changes:
1) Generate a password that meets the current password syntax rules.
2) Report errors when Min8Bit is set or MinCategories > 4
CVS: ----------------------------------------------------------------------
CVS: Modified Files: passwd_extop.c
CVS: ----------------------------------------------------------------------
Checking in passwd_extop.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v <-- passwd_extop.c
new revision: 1.14; previous revision: 1.13
done

------- Additional Comments From nhosoi@xxxxxxxxxx 2006-11-28 12:57 EST -------
Thank you so much, Nathan!

passwordMinCategories: 5
Client>
ldappasswd: Operations error
ldappasswd: additional info: Unable to generate new random password. Please contact the Administrator.
Server>
[...] - Unable to generate a password that meets the current password syntax rules. A minimum categories setting of 5 is not supported with random password generation.

passwordMin8bit: 1
Client>
ldappasswd: Operations error
ldappasswd: additional info: Unable to generate new random password. Please contact the Administrator.
Server>
[...] - Unable to generate a password that meets the current password syntax rules. 8-bit syntax restrictions are not supported with random password generation.

------- Additional Comments From nhosoi@xxxxxxxxxx 2006-11-27 18:58 EST -------
Created an attachment (id=142247)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142247&action=view)
cvs diff (passwd_extop.c)

Thank you to Nathan for the review and the discussion! As you suggested, I changed the code to randomly choose the rest of the specified characters (characters specified by, e.g., minuppers or mindigits). Also, I added error messages to log in the errors log as well as to return to the client. Please take a look at the next attachment for the messages.

------- Additional Comments From nhosoi@xxxxxxxxxx 2006-11-27 19:04 EST -------
Created an attachment (id=142248)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142248&action=view)
generated password sample + error messages

Added error messages are for
1. when passwordMinCategories is 5, which expects the generated password to include 8-bit character(s). Password Generator does not support such a password.
2. when passwordMin8Bit is set.

Also, fixed the bug pointed out by Nathan in Comment#3. Lastly, the generated password sequence looks more randomized!

Summary: Make random password generation work with policies

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983

Description of problem:
passwd_modify_generate_passwd (passwd_extop.c) always generates 8-bytes random characters made by PK11_GenerateRandom and ldif_base64_encode. It needs to generate a password which follows the password policy if it's defined.

------- Additional Comments From nhosoi@xxxxxxxxxx 2006-11-27 14:18 EST -------
Created an attachment (id=142208)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142208&action=view)
cvs diff (passwd_extop.c)

File: ldap/servers/slapd/passwd_extop.c
Changes:
1. Renamed passwd_modify_generate_passwd to passwd_modify_generate_basic_passwd, whose algorithm is used when no specific password rule or just the minimum length is given.
2. If some other rules are set, passwd_modify_generate_policy_passwd is called and generates a password which fulfills the requirement.

Note: this password generator does not support passwordMin8Bit. If it generates a password which includes 8-bit characters, most likely they won't be able to be displayed or input from the users' keyboard. We should note it in the doc...

------- Additional Comments From nhosoi@xxxxxxxxxx 2006-11-27 14:21 EST -------
Created an attachment (id=142213)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142213&action=view)
generated password sample

Attached is the sample output from ldappasswd. Do you think this quality of the randomness satisfies the requirement?

--
Fedora-directory-devel mailing list
Fedora-directory-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-devel
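
The approach the thread describes (place the characters each rule requires, choose the rest at random, refuse passwordMin8Bit and passwordMinCategories > 4), as an added C example that is not the passwd_extop.c patch. The struct, function names, return codes, character sets, the length floor of 8, the final shuffle and the use of /dev/urandom in place of PK11_GenerateRandom are all assumptions.

```c
#include <stdio.h>
#include <string.h>
/* Hypothetical policy struct; fields mirror the syntax attributes named in the thread. */
struct pw_policy { int minlength, mindigits, minuppers, minlowers, minspecials,
                   min8bit, mincategories; };
static const char *SETS[4] = { "0123456789", "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
                               "abcdefghijklmnopqrstuvwxyz", "!#$%&*+-=?@_" };

/* Unbiased value in [0, n) for 1 <= n <= 256, or -1; /dev/urandom is an assumed RNG. */
static int rand_below(int n) {
    static FILE *rng;                    /* opened once, kept for the process lifetime */
    int b, limit = 256 - (256 % n);      /* reject bytes that would skew the modulo */
    if (rng == NULL && (rng = fopen("/dev/urandom", "rb")) == NULL) return -1;
    do { if ((b = fgetc(rng)) == EOF) return -1; } while (b >= limit);
    return b % n;
}

/* Returns 0 on success, -1 for an unsupported policy, -2 on RNG or buffer failure. */
int generate_policy_passwd(const struct pw_policy *p, char *buf, size_t buflen) {
    int need[4] = { p->mindigits, p->minuppers, p->minlowers, p->minspecials };
    int c, i, r, cats = 0, total = 0, len, n = 0;
    if (p->min8bit > 0 || p->mincategories > 4) return -1;  /* the two reported error cases */
    for (c = 0; c < 4; c++) { cats += need[c] > 0; total += need[c]; }
    for (c = 0; c < 4 && cats < p->mincategories; c++)      /* add classes until enough categories */
        if (need[c] == 0) { need[c] = 1; cats++; total++; }
    len = p->minlength > total ? p->minlength : total;
    if (len < 8) len = 8;                                    /* assumed default length */
    if (len > 255 || (size_t)len + 1 > buflen) return -2;
    for (c = 0; c < 4; c++)                                  /* required characters per class */
        for (i = 0; i < need[c]; i++) {
            if ((r = rand_below((int)strlen(SETS[c]))) < 0) return -2;
            buf[n++] = SETS[c][r];
        }
    while (n < len) {                                        /* the rest: random class, random char */
        if ((c = rand_below(4)) < 0 || (r = rand_below((int)strlen(SETS[c]))) < 0) return -2;
        buf[n++] = SETS[c][r];
    }
    for (i = len - 1; i > 0; i--) {                          /* Fisher-Yates shuffle hides the fill order */
        char t = buf[i];
        if ((r = rand_below(i + 1)) < 0) return -2;
        buf[i] = buf[r]; buf[r] = t;
    }
    buf[len] = '\0';
    return 0;
}

int main(void) {  /* constructed policy: length 12, 2 digits, 2 uppers, 1 special, 3 categories */
    struct pw_policy p = { 12, 2, 2, 0, 1, 0, 3 };
    char pw[64];
    return generate_policy_passwd(&p, pw, sizeof pw) == 0 ? puts(pw) == EOF : 1;
}
```

Without the shuffle, the required characters would always sit at the front of the password in class order, which leaks structure even though each character is drawn from a CSPRNG.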