Red Hat Bugzilla – Bug 448456
Should kadmin.local require words?
Last modified: 2008-05-27 10:28:01 EDT
Description of problem:
I have installed and configured ipa-server.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Install and configure ipa-server, but do not install the words package.
2. Add a user to the FDS server.
3. Change the password for the user.
The following is logged in kadmind.log:
... WARNING! Cannot find dictionary file /usr/share/dict/words, continuing without one
I assume that this is referring to a security check that ensures that the proposed password is not in the
dictionary. As a minimum, I would expect that the user be warned of this, instead of simply logging the
warning for the administrator. Even better, the ipa-server should require the words package and the
password change should fail if there is an error reading the dictionary.
You should *never* use kadmin or kadmin.local with IPA