Bug 827392

Summary: Host OTP :: Random password characters should be limited.
Product: Red Hat Enterprise Linux 6 Reporter: Gowrishankar Rajaiyan <grajaiya>
Component: ipaAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Namita Soman <nsoman>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.3CC: jgalipea, mkosek
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ipa-3.0.0-1.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-02-21 09:14:52 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Gowrishankar Rajaiyan 2012-06-01 10:38:59 UTC 
Description of problem:
This request was raised by atolani as part of "IPA May 2012 - Test Day - IPA Host OTP". 


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-16.el6.x86_64

How reproducible:


Steps to Reproduce:
1. ipa host-add --random $CLIENT



Actual results: Generates password with '#\...


Expected results: limit the random password characters.


Additional info:
<atolani> mkosek, Hie, I believe we need to have a smart password policy for random passwords... I got W#W'cu.c\Aa[ as password & I am now unable to escape quote in this password

<mkosek> atolani: does 'W#W\'cu.c\Aa[' work?
<mkosek> atolani: though you are right, that some of the characters should be omited from password
<atolani> mkosek, no then you will have a single quote in the end 

<atolani> i mean if we allow them & some how escape, we need to school lots of customers... 

<mkosek> atolani: this should work then: W#W\\\'cu.c\\Aa\[     :-)
<mkosek> atolani, shanks: but please create a bug to limit the random password characters, you are right that it is not user-friendly
Comment 2 Martin Kosek 2012-06-01 12:01:36 UTC 
We already limit characters for random user passwords, we should do the same for host passwords, otherwise user may have issues entering such passwords in standard shell. I will create a ticket.
Comment 3 Martin Kosek 2012-06-01 12:03:33 UTC 
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2800
Comment 4 Martin Kosek 2012-06-27 11:01:26 UTC 
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/8ce7330c5330e45c59c70d984a7fed526e85c58c
Comment 5 Jenny Severance 2012-09-25 16:22:31 UTC 
regression test atuomated in HOST test suite
Comment 8 Jenny Severance 2013-01-15 21:30:49 UTC 
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: BZ 827392 - Random password characters should be limited.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Ip address is 10.16.98.191
:: [   LOG    ] :: Checking for bad characters in the random password nw5Fv-=hZI.u
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password X2wZt7ZMOvdc
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password Xu3jM7siDnpq
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password pUjW01nK,k7L
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password gCwFq.ciab5Q
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password 9_3Api@mrM8a
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password Mpfz8iXSJ_0z
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password cnfPjQ9JKS0t
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password CR6A9ntsP6fQ
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password @fqQwKc.RvEP
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Duration: 41s
:: [   LOG    ] :: Assertions: 10 good, 0 bad
:: [   PASS   ] :: RESULT: BZ 827392 - Random password characters should be limited.

version :: 

ipa-server-3.0.0-12.el6
Comment 10 errata-xmlrpc 2013-02-21 09:14:52 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html