Bug 475051
Summary: | ipa-pwd-extop truncates NT passwords to 14 characters | ||
---|---|---|---|
Product: | [Retired] freeIPA | Reporter: | Loris Santamaria <loris> |
Component: | ipa-server | Assignee: | Simo Sorce <ssorce> |
Status: | CLOSED ERRATA | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | medium | Docs Contact: | |
Priority: | low | ||
Version: | 1.2 | CC: | benl, dpal, jgalipea, rcritten, ssorce |
Target Milestone: | v2 release | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | All | ||
Whiteboard: | |||
Fixed In Version: | freeipa-2.0.0-1.fc15 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-03-28 09:41:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 431020 |
Description
Loris Santamaria
2008-12-07 02:49:18 UTC
There are comments in the plugin code that reflect this as well. Rob, what's the intent here? Should we be putting a comment in the doc that samba passwords are truncated at 14 chars, or are we going to patch the plug-in to allow longer passwords? Which plug-in code are you referring to? ta /dob not the python speaker The plugin is the IPA password plugin for DS. The comment I mentioned is: /* we are interested only in the first 14 ASCII chars for lanman */ I know next to nothing about NT passwords but considering that Simo is a Samba developer I'm guessing he did the right thing here. The 14 characters limit is a limitation of the Lanman hash, I guess that today we can simply stop generating it an only generate the NT hash. The limit of 14 for the NT hash is probably a bug though. Can I get an update on this BZ for IPA v2.0? I'm in the middle of updating the draft TOCs for the IPA 2.0 doc and would like to get as much info as possible about how this behaviour is going to affect users, sysadmins, etc., or if there has been some patch implemented that "makes it all go away". |