Bug 608353 - Odd user credentials settings
Summary: Odd user credentials settings
Keywords:
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Satellite 5
Classification: Red Hat
Component: WebUI
Version: 530
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Tomas Lestach
QA Contact: Red Hat Satellite QA List
URL:
Whiteboard:
Depends On:
Blocks: 462714
TreeView+ depends on / blocked
 
Reported: 2010-06-26 22:37 UTC by Luc de Louw
Modified: 2015-05-29 20:10 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-05-29 20:10:43 UTC
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)

Description Luc de Louw 2010-06-26 22:37:30 UTC
Description of problem:
When installing a RHN Satellite or Spacewalk server the default value of web.min_user_len as well as min password length is set to five chars. 

The minimum user name length is quite useless, in contrary a five char password is way to short. Also insecure password such as "blahblah" are accepted.

It would be great to inherit such setting from PAM of the system where the RHN Satellite/Spacewalk Server is installed.

Version-Release number of selected component (if applicable):
- RHN Satellite 5.3.0, latest patches applied
- Spacewalk 1.0

How reproducible:
Always

Steps to Reproduce:
1. Create a new user such as "root"
  
Actual results:
Logins must be no shorter than 3 characters

Expected results:
New user should be created, but password need to more secure.

Additional info:
Maybe the it would be a good idea to use PAM for authenticate users. This would enable companies to enforce its password policies also for the satellite/spacewalk server.

Comment 1 Luc de Louw 2010-06-26 22:40:04 UTC
Logins must be no shorter than 3 characters was after following https://access.redhat.com/kb/docs/DOC-11082. It was a copy-paste mistake, s/3/5/g

Additionally I wanted to add: Red Hat Support gets confused in support cases when users len is less that five.


Note You need to log in before you can comment on or make changes to this bug.