448456 – Should kadmin.local require words?

Bug 448456 - Should kadmin.local require words?

Summary: Should kadmin.local require words?

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	ipa
Sub Component:
Version:	9
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Rob Crittenden
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-05-27 02:11 UTC by W. Michael Petullo
Modified:	2008-05-27 14:28 UTC (History)
CC List:	1 user (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2008-05-27 14:28:01 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description W. Michael Petullo 2008-05-27 02:11:34 UTC

Description of problem:
I have installed and configured ipa-server.

Version-Release number of selected component (if applicable):
ipa-server-1.0.0-6.fc9.i386

How reproducible:
Every time

Steps to Reproduce:
1. Install and configure ipa-server, but do not install the words package.
2. Add a user to the FDS server.
3. Change the password for the user.
  
Actual results:
The following is logged in kadmind.log:

... WARNING! Cannot find dictionary file /usr/share/dict/words, continuing without one

Expected results:
I assume that this is referring to a security check that ensures that the proposed password is not in the 
dictionary. As a minimum, I would expect that the user be warned of this, instead of simply logging the 
warning for the administrator. Even better, the ipa-server should require the words package and the 
password change should fail if there is an error reading the dictionary.

Additional info:

Comment 1 Simo Sorce 2008-05-27 14:28:01 UTC

You should *never* use kadmin or kadmin.local with IPA

Note You need to log in before you can comment on or make changes to this bug.