Bug 27104

Summary: RFE: Password field in High Security install is too short
Product: [Retired] Red Hat Linux Reporter: R P Herrold <herrold>
Component: anacondaAssignee: Brent Fox <bfox>
Status: CLOSED DUPLICATE QA Contact: Brock Organ <borgan>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: dr
Target Milestone: ---Keywords: FutureFeature
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2001-04-21 21:45:20 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description R P Herrold 2001-02-12 02:16:09 UTC 
High security option as the default looks promising, yet, in
adding root, and initial user account, there is only room for
an 8 character password.  This loses the benefit of long
'line noise' passphrases ...
  
RFE: Extend password field when High Security to at least 24 characters
Comment 1 Michael Fulbright 2001-02-12 03:46:06 UTC 
Doesn't the field scroll when you enter a longer password?

The high security option, btw, only refers to the firewall configuration.
Comment 2 R P Herrold 2001-02-12 04:02:17 UTC 
Dunno -- will test.

But if so, it violates the principle of Least Surprise.  The option for
root's password is visibly longer than the 9 char for end users ...

WHY in the world 9 characters ?  This has NO value to a long time
unix admin (who KNOWS passwords are only significant to 8 chars --
makes it look as though you were just sloppy instead of signalling
that passphrases are available)

At least conform both root and end users to the longer value, and
inform that md5 hashed passwords (or whatever) are available.
Comment 3 Daniel Roesen 2001-02-12 15:17:49 UTC 
the 8-chars limitation is only for DES crypt(), not for MD5.
Comment 4 R P Herrold 2001-02-12 20:54:58 UTC 
"who KNOWS passwords" ... was in 'old hand who stopped learning about
1975' mode ...  Yes, I know ... but the signal sent by a short
password field is that this length is all that will be accepted.
(a ">" at the right margin might signal a scrolling width field).
Comment 5 Daniel Roesen 2001-02-12 21:36:56 UTC 
I fully agree.
Comment 6 Brent Fox 2001-02-17 04:46:16 UTC 
I'm inclined to agree, however the documentation would have to be changed.
Since the translations are already underway, we can't change things at this
time.  I'm deferring this and I'll put this on our list for a future release.
Comment 7 R P Herrold 2001-02-17 16:31:43 UTC 
What about the simple confirmance of displayed field length to the longer value
allowed for root in TUI, compared with end users ... that requires no doco
changes ... it is just visual appearance, and would seem to be able to be rolled
in in 7.1 ?
Comment 8 Brent Fox 2001-02-20 04:18:55 UTC 
There's just not time to address non-critical bugs at this time.  Screenshots
are a part of the documentation, and we are in a complete screen freeze.  Deferring.
Comment 9 R P Herrold 2001-03-10 02:17:45 UTC 
Did some counting on the TUI install

Root has a field of 24 width, and accepts 23 with no continuation indication

End users offers 10, and takes 9, with no continuation indication ...

--------------I will un-defer once 7.1 goes GOLD to get it changed at once in
the next version cycle.
Comment 10 R P Herrold 2001-04-11 03:48:36 UTC 
Re-open for consideration of proposed fix in RH 7.2
Comment 11 Brent Fox 2001-04-21 21:45:15 UTC 
We will roll these proposed changes into bug #24580. Thanks for your suggestion.

*** This bug has been marked as a duplicate of 24580 ***