Bug 1034689 - RFE: Do not check the complexity of root password
Summary: RFE: Do not check the complexity of root password
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Beaker
Classification: Retired
Component: web UI
Version: develop
Hardware: Unspecified
OS: Unspecified
unspecified
medium vote
Target Milestone: ---
Assignee: beaker-dev-list
QA Contact: tools-bugs
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-11-26 10:56 UTC by Patrik Kis
Modified: 2018-02-06 00:41 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-12-13 04:54:55 UTC

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Patrik Kis 2013-11-26 10:56:15 UTC 
Description of problem:
What is the point to force the users to set up complex root password for their machines in Preferences when the password can be seem by anybody in public console log file if it is used in console.

Version-Release number of selected component (if applicable):
Version - 0.14.2
Comment 2 Bill Peck 2013-11-26 13:10:53 UTC 
I think it still makes sense.  the root password on console is only an issue on s390 systems.  And even so, it still prevents root kits from  getting in and using our internal systems.
Comment 3 Dan Callaghan 2013-12-13 04:54:55 UTC 
The password complexity enforcement was a requirement from Red Hat's internal Information Security team. If you find the root password inconvenient I recommend you set a public SSH key in Beaker and use that instead.

Also note that the Beaker preferences page will accept a pre-crypted password, which you can generate using `openssl passwd -1`. In that case Beaker does not have access to the cleartext password so it cannot apply complexity checks (it assumes the users has chosen a strong password).
Note You need to log in before you can comment on or make changes to this bug.