Created attachment 990738 [details] first screenshot Description of problem: As shown in the first screenshot,nothing happened after I push the"Done" button on the ROOT PASSWORD page, if I type into a" weak" password,which I think is not intended according to the last two screenshots. What's more,I think the password I gave is not so weak:1201107lnie. Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. 2. 3. Actual results: Expected results: Additional info:
Created attachment 990743 [details] screenshot2
Created attachment 990744 [details] screenshot3
Anaconda no longer permits weak passwords in interactive installs.
*** Bug 1192147 has been marked as a duplicate of this bug. ***
There is no way to configure what is considered a strong password in Anaconda. Anaconda should not dictate its own standards (when the "local" standards can be totally different). I can't accept an explanation that only tells me "sorry, no longer" without (at least) a link to where this was discussed with the community. This will affect whole teams that need to repeatedly install Fedora to test and discard the machines couple of times per day (read: all virtualization teams).
(In reply to Martin Sivák from comment #5) > There is no way to configure what is considered a strong password in > Anaconda. The idea of what is or is not a good password is not really something appropriate for configuration. > Anaconda should not dictate its own standards (when the "local" standards > can be totally different). Anaconda uses libpwquality to determine password quality, as the rest of Fedora's password utilities do, or at the very least should. https://fedorahosted.org/libpwquality/ > I can't accept an explanation that only tells me > "sorry, no longer" without (at least) a link to where this was discussed > with the community. test.org and anaconda-devel-list > This will affect whole teams that need to repeatedly install Fedora to test > and discard the machines couple of times per day (read: all virtualization > teams). So pick a better password for your virtual machines.
(In reply to Martin Sivák from comment #5) > This will affect whole teams that need to repeatedly install Fedora to test > and discard the machines couple of times per day (read: all virtualization > teams). Also, if you are installing and discarding Fedora machines several times a day, perhaps you should consider kickstart? The password quality check does not affect kickstart.
1) test.org and anaconda-devel-list Seriously? What about fedora-devel? This affects the whole user base, discussing this only on "internal" development lists is definitely not enough. 2) The idea of what is or is not a good password is not really something appropriate for configuration. I suppose you have never heard about OpenSCAP? http://www.open-scap.org/page/Main_Page Vrata (vpodzime) actually wrote an Anaconda add-on that can do security configuration checks during installation. And that includes password complexity. This change prevents it from working properly. 3) Anaconda uses libpwquality to determine password quality, as the rest of Fedora's password utilities do, or at the very least should. https://fedorahosted.org/libpwquality/ passwd does not enforce the password strength by default. Nor does any other tool I know about. All only warn in the default configuration. 4) Also, if you are installing and discarding Fedora machines several times a day, perhaps you should consider kickstart? The password quality check does not affect kickstart. Ever tried typing kickstart url on dumb serial console? Or in VNC without copy and paste support? Clicking through is faster.. There were very good reasons for not forcing the user to select a very strong password. And I am not aware of any other distribution that would do it either. But I haven't looked for some time. People who want to try Fedora will be seriously annoyed by this. The same applies to developers and testers when this hits a release. Just FYI, this is being discussed on FESCo level now: https://fedorahosted.org/fesco/ticket/1412
Reopening this ticket. At today's FESCo meeting, the following decision was made: "FESCo would like anaconda to turn back on the "double-done" option for Fedora 22. Better solutions should be investigated for F23." By "double-done", we are referring to the option to click Done a second time to accept an insufficiently-strict password.
*** Bug 1200968 has been marked as a duplicate of this bug. ***
*** Bug 1200999 has been marked as a duplicate of this bug. ***
Proposed as a Blocker for 22-beta by Fedora user thozza using the blocker tracking app because: On today's FESCo meeting, we agreed to file a Beta blocker bug for anaconda for tracking due to https://fedorahosted.org/fesco/ticket/1412. Please refer to the meeting minutes log for more details: http://meetbot.fedoraproject.org/fedora-meeting/2015-03-11/fesco.2015-03-11-18.01.txt http://meetbot.fedoraproject.org/fedora-meeting/2015-03-11/fesco.2015-03-11-18.01.log.html
Discussed at Fedora Blocker Review Meeting 2015-03-16[0]: AcceptedBlocker for Beta: This bug was nominated by FESCo as a blocker[1], violating the Alpha release criterion[2]: "All bugs deemed by FESCo to block the milestone release must be fixed." [0]: http://meetbot.fedoraproject.org/fedora-blocker-review/2015-03-16/f22-blocker-review.2015-03-16-16.01.log.txt [1]: https://fedorahosted.org/fesco/ticket/1412 [2]: https://fedoraproject.org/wiki/Fedora_22_Alpha_Release_Criteria#FESCo_blocker_bugs
Anaconda now has the ability to allow users to create a consistent policy for the various password entries during installation. The new kickstart %anaconda section and pwpolicy command implement this, as documented here - https://github.com/rhinstaller/anaconda/commit/8f24eeaedd7691b6ebe119592e5bc09c1c42e181 Products can implement their own policy by including a modified copy of https://github.com/rhinstaller/anaconda/blob/f22-branch/data/interactive-defaults.ks in their product.img -- drop it into /usr/share/anaconda/ and it will overwrite the default. Currently you can adjust the policy for the root configuration spoke, the user spoke and the luks passphrase entry.
*** Bug 1204374 has been marked as a duplicate of this bug. ***
From 2015-03-25 FESCo meeting: AGREED: In f22, default back to f21 anaconda password behavior, ask anaconda developers, fedora-release and releng folks to make this change happen before Beta freeze. So FESCo still asks for change in the behaviour. Main question raised was how to implement this change for deliverables that do not use product.img.
python-blivet-1.0.6-1.fc22, anaconda-22.20.8-1.fc22 has been submitted as an update for Fedora 22. https://admin.fedoraproject.org/updates/python-blivet-1.0.6-1.fc22,anaconda-22.20.8-1.fc22
Package python-blivet-1.0.6-1.fc22, anaconda-22.20.8-1.fc22: * should fix your issue, * was pushed to the Fedora 22 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing python-blivet-1.0.6-1.fc22 anaconda-22.20.8-1.fc22' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2015-5530/python-blivet-1.0.6-1.fc22,anaconda-22.20.8-1.fc22 then log in and leave karma (feedback).
python-blivet-1.0.6-1.fc22, anaconda-22.20.8-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.