Bug 475745
| Summary: | Cannot change Master Password after enable FIPS | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Yolkfull Chow <yzhou> |
| Component: | firefox | Assignee: | Kai Engert (:kaie) (inactive account) <kengert> |
| Status: | CLOSED NOTABUG | QA Contact: | desktop-bugs <desktop-bugs> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 5.2 | CC: | caillon, desktop-bugs, gecko-bugs-nobody |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2009-01-06 18:16:42 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Yolkfull Chow
2008-12-10 09:12:24 UTC
Get a workaround: After enable FIPS, for the purpose of changing master password,user need restart firefox and disable FIPS at this time (can NOT disable FIPS as soon as enable it, but can enable it after disable, problem? ) and change password will succeed. In my option, user should be able to enable/disable FIPS and change master password without restarting firefox. Please correct me if I am wrong or software is designed as it is. Can reproduce with firefox-3.0.4-1.fc10.i386 on Fedora 10. Not sure, however, whether this behavior is not intentional in compliance with FIPS. When FIPS is enabled, there are strict requirements for the "quality" of a password. I found an older description of the restrictions, I suspect they are still the same, from http://markmail.org/message/a73ia7tsos5e2ysq : --------------------- In FIPS mode, the NSS cryptographic module imposes the following requirements on the password. * The password must be at least seven characters long. * The password must consist of characters from three or more character classes. We define five character classes: digits (0-9), ASCII lowercase letters, ASCII uppercase letters, ASCII non-alphanumeric characters (such as space and punctuation marks), and non-ASCII characters. If an ASCII uppercase letter is the first character of the password, the uppercase letter is not counted toward its character class. Similarly, if a digit is the last character of the password, the digit is not counted toward its character class. -------------------- Yes, the user interface should inform the user WHY changing the password failed, this is a known issue. Can you please try with such a "better" password and let us know if it allows you to change the password? Yes, after setting a _better_ password it worked fine. So it is the problem that user should be informed why "Unable to change the master password". And another problem, after disable FIPS and remove master password, and then reset a pwd, cannot enable FIPS at this time since the button "Enable FIPS" is gray, it is not activated after user setting a pwd again. But restart firefox will be ok. Any idea? See also: https://bugzilla.mozilla.org/show_bug.cgi?id=458750 https://bugzilla.mozilla.org/show_bug.cgi?id=458752 (In reply to comment #4) > after disable FIPS and remove master password, and then > reset a pwd, cannot enable FIPS at this time since the button "Enable FIPS" is > gray, it is not activated after user setting a pwd again. But restart firefox > will be ok. Any idea? Yes, you must restart Firefox in order to change the FIPS modus twice. So, Kai, what is the status of this bug? The status is "not a bug" and "usability issue tracked upstream". |