Bug 448456 - Should kadmin.local require words?
Should kadmin.local require words?
Status: CLOSED WONTFIX
Product: Fedora
Classification: Fedora
Component: ipa (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: Rob Crittenden
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-26 22:11 EDT by W. Michael Petullo
Modified: 2008-05-27 10:28 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-27 10:28:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description W. Michael Petullo 2008-05-26 22:11:34 EDT
Description of problem:
I have installed and configured ipa-server.

Version-Release number of selected component (if applicable):
ipa-server-1.0.0-6.fc9.i386

How reproducible:
Every time

Steps to Reproduce:
1. Install and configure ipa-server, but do not install the words package.
2. Add a user to the FDS server.
3. Change the password for the user.
  
Actual results:
The following is logged in kadmind.log:

... WARNING! Cannot find dictionary file /usr/share/dict/words, continuing without one

Expected results:
I assume that this is referring to a security check that ensures that the proposed password is not in the 
dictionary. As a minimum, I would expect that the user be warned of this, instead of simply logging the 
warning for the administrator. Even better, the ipa-server should require the words package and the 
password change should fail if there is an error reading the dictionary.

Additional info:
Comment 1 Simo Sorce 2008-05-27 10:28:01 EDT
You should *never* use kadmin or kadmin.local with IPA

Note You need to log in before you can comment on or make changes to this bug.