Bug 448456 - Should kadmin.local require words?
Summary: Should kadmin.local require words?
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: ipa
Version: 9
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Rob Crittenden
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-05-27 02:11 UTC by W. Michael Petullo
Modified: 2008-05-27 14:28 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-05-27 14:28:01 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description W. Michael Petullo 2008-05-27 02:11:34 UTC
Description of problem:
I have installed and configured ipa-server.

Version-Release number of selected component (if applicable):
ipa-server-1.0.0-6.fc9.i386

How reproducible:
Every time

Steps to Reproduce:
1. Install and configure ipa-server, but do not install the words package.
2. Add a user to the FDS server.
3. Change the password for the user.
  
Actual results:
The following is logged in kadmind.log:

... WARNING! Cannot find dictionary file /usr/share/dict/words, continuing without one

Expected results:
I assume that this is referring to a security check that ensures that the proposed password is not in the 
dictionary. As a minimum, I would expect that the user be warned of this, instead of simply logging the 
warning for the administrator. Even better, the ipa-server should require the words package and the 
password change should fail if there is an error reading the dictionary.

Additional info:

Comment 1 Simo Sorce 2008-05-27 14:28:01 UTC
You should *never* use kadmin or kadmin.local with IPA


Note You need to log in before you can comment on or make changes to this bug.