| Summary: | Installer allows overriding some insecure passwords but not others. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Jerry Hoemann <jerry.hoemann> | ||||
| Component: | anaconda | Assignee: | Martin Kolman <mkolman> | ||||
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Release Test Team <release-test-team> | ||||
| Severity: | medium | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 7.3 | CC: | jerry.hoemann, jkachuck, joseph.szczypek, karen.skweres, linda.knippers, mknutson, mkolman, nigel.croxon, sbueno, tom.vaden, trinh.dao | ||||
| Target Milestone: | rc | ||||||
| Target Release: | --- | ||||||
| Hardware: | x86_64 | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2017-01-12 13:30:44 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Bug Depends On: | |||||||
| Bug Blocks: | 1213541 | ||||||
| Attachments: |
|
||||||
This is basically 2 issues: - Anaconda requiring passwords to be at least 8 characters long - Anaconda not allowing the override to use weak passwords Both issues should be fixed as of anaconda-21.48.22.93-1, which will most probably be in the next snapshot. Tested snapshot 5. Issue fixed. |
Created attachment 1204996 [details] Screen shot showing install error message. Description of problem: In RHEL 7.3 Snapshot 3(?) started enforcing a minimal length password that cannot be overridden by selecting "Done" twice like other insecure passwords. Insecure passwords should be treated similarly and allowed if explicitly requested by the installer. Version-Release number of selected component (if applicable): How reproducible: Steps to Reproduce: 1.Install RHEL 7.3 2.Choose password of 7 characters. 3. Actual results: Cannot force short password. Expected results: Should allow if user selects "Done" twice like other insecure passwords (e.g. like one susceptible to a dictionary attack.) This is what prior versions of anaconda allowed. Additional info: Note, the installed kernel still allows root to assign short passwords.