Bug 1267954

Summary: Same password for root and disk encryption reported both as Good and Weak
Product: Red Hat Enterprise Linux 7
Reporter: Alexander Todorov <atodorov>
Component: anaconda
Assignee: David Shea <dshea>
Status: CLOSED NOTABUG
QA Contact: Release Test Team <release-test-team-automation>
Severity: low
Priority: low
Version: 7.2
CC: sbueno, tmraz
Target Milestone: rc
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2016-01-29 16:46:47 UTC
Type: Bug
Attachments: Disk encryption password (flags: none), Root user password (flags: none)

Description Alexander Todorov 2015-10-01 12:52:51 UTC
Description of problem:

I have used the same password twice:

- for disk encryption where it was reported as weak
- for the root user where it was reported as good


Version-Release number of selected component (if applicable):
anaconda-21.48.22.53-1

Comment 1 Alexander Todorov 2015-10-01 12:53:25 UTC
Created attachment 1079093
Disk encryption password

Comment 2 Alexander Todorov 2015-10-01 12:53:43 UTC
Created attachment 1079094
Root user password

Comment 3 David Shea 2015-10-01 14:21:51 UTC
There are two differences in the way anaconda performs these two password checks:

1: for the root password check, anaconda overrides the minlen setting to 6. This should not matter here since the default is 8, and it looks like the password you are attempting to use has 9 characters.

2: for the root password check, anaconda passes the username parameter to the pwquality check function, since passwords that contain the username are considered weaker than those that do not, while the disk passphrase has no such concept to check against. Maybe your password contains the word "root"?

Comment 4 Tomas Mraz 2015-10-01 15:37:39 UTC
Actually, the change in the minlen setting modifies the calculation of the password score, so that is the reason for the difference.

Back to anaconda for consideration whether it wants to unify the minlen setting for both checks. I do not see this as a bug though.

Comment 6 David Cantrell 2016-01-29 16:46:47 UTC
Consensus is this is not a bug.  If the password checking requirements need to change, that is a policy set by someone else.  Ideally product management in the case of RHEL.
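
To reproduce the two checks described in comments 3 and 4 on a system with the python-pwquality bindings installed, the sketch below scores one password twice: once with the system minlen and no username, and once with minlen 6 and the username "root". It is an added example, not anaconda's code; the function names `score_password`, `compare_checks` and `system_settings` are hypothetical.

```python
# Added example, not anaconda's code: score one password with the two
# pwquality configurations described in comments 3 and 4.
try:
    import pwquality  # Python bindings for libpwquality
except ImportError:
    pwquality = None

ROOT_MINLEN = 6  # value the root password check uses, per comment 3
# Exception libpwquality raises when it rejects a password outright.
_REJECTED = (pwquality.PWQError,) if pwquality else ()


def score_password(password, settings, minlen=None, username=None):
    """Return (score, error); score is None if the password is rejected."""
    if minlen is not None:
        settings.minlen = minlen  # override the value read from the config
    try:
        return settings.check(password, None, username), None
    except _REJECTED as exc:
        return None, str(exc)


def compare_checks(password, new_settings):
    """Score the same password as the disk and root checks would.

    new_settings is a callable returning a fresh settings object, so the
    minlen override for the root check cannot leak into the disk check.
    """
    return {
        # Disk passphrase: system minlen, no username to compare against.
        "disk": score_password(password, new_settings()),
        # Root password: minlen forced to 6, username passed to the check.
        "root": score_password(password, new_settings(), ROOT_MINLEN, "root"),
    }


def system_settings():
    """Settings loaded from the system pwquality configuration."""
    settings = pwquality.PWQSettings()
    settings.read_config()
    return settings


if __name__ == "__main__":
    import getpass
    if pwquality is None:
        raise SystemExit("python-pwquality is not installed")
    result = compare_checks(getpass.getpass("Password to score: "), system_settings)
    for name, (value, error) in result.items():
        print(name, value if error is None else "rejected: " + error)
```

A different score for "disk" and "root" on the same input is the behaviour reported in this bug.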