Red Hat Bugzilla – Bug 608353
Odd user credentials settings
Last modified: 2015-05-29 16:10:43 EDT
Description of problem:
When installing a RHN Satellite or Spacewalk server the default value of web.min_user_len as well as min password length is set to five chars.
The minimum user name length is quite useless, in contrary a five char password is way to short. Also insecure password such as "blahblah" are accepted.
It would be great to inherit such setting from PAM of the system where the RHN Satellite/Spacewalk Server is installed.
Version-Release number of selected component (if applicable):
- RHN Satellite 5.3.0, latest patches applied
- Spacewalk 1.0
Steps to Reproduce:
1. Create a new user such as "root"
Logins must be no shorter than 3 characters
New user should be created, but password need to more secure.
Maybe the it would be a good idea to use PAM for authenticate users. This would enable companies to enforce its password policies also for the satellite/spacewalk server.
Logins must be no shorter than 3 characters was after following https://access.redhat.com/kb/docs/DOC-11082. It was a copy-paste mistake, s/3/5/g
Additionally I wanted to add: Red Hat Support gets confused in support cases when users len is less that five.