Bug 827392 - Host OTP :: Random password characters should be limited.
Host OTP :: Random password characters should be limited.
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa (Show other bugs)
6.3
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Rob Crittenden
Namita Soman
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-01 06:38 EDT by Gowrishankar Rajaiyan
Modified: 2013-05-20 15:11 EDT (History)
2 users (show)

See Also:
Fixed In Version: ipa-3.0.0-1.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2013-02-21 04:14:52 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Gowrishankar Rajaiyan 2012-06-01 06:38:59 EDT
Description of problem:
This request was raised by atolani as part of "IPA May 2012 - Test Day - IPA Host OTP". 


Version-Release number of selected component (if applicable):
ipa-server-2.2.0-16.el6.x86_64

How reproducible:


Steps to Reproduce:
1. ipa host-add --random $CLIENT



Actual results: Generates password with '#\...


Expected results: limit the random password characters.


Additional info:
<atolani> mkosek, Hie, I believe we need to have a smart password policy for random passwords... I got W#W'cu.c\Aa[ as password & I am now unable to escape quote in this password

<mkosek> atolani: does 'W#W\'cu.c\Aa[' work?
<mkosek> atolani: though you are right, that some of the characters should be omited from password
<atolani> mkosek, no then you will have a single quote in the end 

<atolani> i mean if we allow them & some how escape, we need to school lots of customers... 

<mkosek> atolani: this should work then: W#W\\\'cu.c\\Aa\[     :-)
<mkosek> atolani, shanks: but please create a bug to limit the random password characters, you are right that it is not user-friendly
Comment 2 Martin Kosek 2012-06-01 08:01:36 EDT
We already limit characters for random user passwords, we should do the same for host passwords, otherwise user may have issues entering such passwords in standard shell. I will create a ticket.
Comment 3 Martin Kosek 2012-06-01 08:03:33 EDT
Upstream ticket:
https://fedorahosted.org/freeipa/ticket/2800
Comment 4 Martin Kosek 2012-06-27 07:01:26 EDT
Fixed upstream:
master: https://fedorahosted.org/freeipa/changeset/8ce7330c5330e45c59c70d984a7fed526e85c58c
Comment 5 Jenny Galipeau 2012-09-25 12:22:31 EDT
regression test atuomated in HOST test suite
Comment 8 Jenny Galipeau 2013-01-15 16:30:49 EST
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [   LOG    ] :: BZ 827392 - Random password characters should be limited.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [   LOG    ] :: Ip address is 10.16.98.191
:: [   LOG    ] :: Checking for bad characters in the random password nw5Fv-=hZI.u
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password X2wZt7ZMOvdc
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password Xu3jM7siDnpq
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password pUjW01nK,k7L
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password gCwFq.ciab5Q
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password 9_3Api@mrM8a
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password Mpfz8iXSJ_0z
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password cnfPjQ9JKS0t
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password CR6A9ntsP6fQ
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Checking for bad characters in the random password @fqQwKc.RvEP
:: [   LOG    ] :: passed var was 
:: [   PASS   ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [   LOG    ] :: Duration: 41s
:: [   LOG    ] :: Assertions: 10 good, 0 bad
:: [   PASS   ] :: RESULT: BZ 827392 - Random password characters should be limited.

version :: 

ipa-server-3.0.0-12.el6
Comment 10 errata-xmlrpc 2013-02-21 04:14:52 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0528.html

Note You need to log in before you can comment on or make changes to this bug.