Red Hat Bugzilla – Bug 827392
Host OTP :: Random password characters should be limited.
Last modified: 2013-05-20 15:11:11 EDT
Description of problem:
This request was raised by atolani as part of "IPA May 2012 - Test Day - IPA Host OTP".

Version-Release number of selected component (if applicable):
ipa-server-2.2.0-16.el6.x86_64

How reproducible:

Steps to Reproduce:
1. ipa host-add --random $CLIENT

Actual results:
Generates password with '#\...

Expected results:
limit the random password characters.

Additional info:
<atolani> mkosek, Hie, I believe we need to have a smart password policy for random passwords... I got W#W'cu.c\Aa[ as password & I am now unable to escape quote in this password
<mkosek> atolani: does 'W#W\'cu.c\Aa[' work?
<mkosek> atolani: though you are right, that some of the characters should be omitted from password
<atolani> mkosek, no then you will have a single quote in the end
<atolani> i mean if we allow them & somehow escape, we need to school lots of customers...
<mkosek> atolani: this should work then: W#W\\\'cu.c\\Aa\[ :-)
<mkosek> atolani, shanks: but please create a bug to limit the random password characters, you are right that it is not user-friendly
We already limit characters for random user passwords, we should do the same for host passwords, otherwise users may have issues entering such passwords in a standard shell. I will create a ticket.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/2800
Fixed upstream: master: https://fedorahosted.org/freeipa/changeset/8ce7330c5330e45c59c70d984a7fed526e85c58c
Regression test automated in HOST test suite.
verified ::

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:: [ LOG ] :: BZ 827392 - Random password characters should be limited.
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

:: [ LOG ] :: Ip address is 10.16.98.191
:: [ LOG ] :: Checking for bad characters in the random password nw5Fv-=hZI.u
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Checking for bad characters in the random password X2wZt7ZMOvdc
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Checking for bad characters in the random password Xu3jM7siDnpq
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Checking for bad characters in the random password pUjW01nK,k7L
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Checking for bad characters in the random password gCwFq.ciab5Q
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Checking for bad characters in the random password 9_3Api@mrM8a
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Checking for bad characters in the random password Mpfz8iXSJ_0z
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Checking for bad characters in the random password cnfPjQ9JKS0t
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Checking for bad characters in the random password CR6A9ntsP6fQ
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Checking for bad characters in the random password @fqQwKc.RvEP
:: [ LOG ] :: passed var was
:: [ PASS ] :: Check to make sure that no unfriendly characters do not exist in the generated random password.
:: [ LOG ] :: Duration: 41s
:: [ LOG ] :: Assertions: 10 good, 0 bad
:: [ PASS ] :: RESULT: BZ 827392 - Random password characters should be limited.

version :: ipa-server-3.0.0-12.el6
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2013-0528.html
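
The restriction requested in this bug, sketched as an added example (not FreeIPA's code and not the test suite's check): draw a one-time password from a shell-friendly alphabet with a CSPRNG, flag characters that would need escaping, and show the entropy cost of the smaller alphabet. Assumption: "shell-friendly" is taken to mean the characters Python's shlex.quote() leaves unquoted; the names SAFE_ALPHABET, unfriendly_chars, generate_password and entropy_bits are hypothetical.

```python
import math
import secrets
import shlex
import string

# Assumption: a character is "shell-friendly" if shlex.quote() leaves it alone.
# This is not FreeIPA's actual character list.
SAFE_ALPHABET = "".join(
    c for c in string.ascii_letters + string.digits + string.punctuation
    if shlex.quote(c) == c
)


def unfriendly_chars(password):
    """Return the characters that would need quoting or escaping in a shell."""
    return sorted({c for c in password if c not in SAFE_ALPHABET})


def generate_password(length=12, alphabet=SAFE_ALPHABET):
    """Draw each character uniformly from the alphabet using the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(length, alphabet_size):
    """Entropy of a uniformly random password: length * log2(alphabet size)."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    # Passwords quoted on this page: one from the report, two from the test log.
    for sample in ["W#W'cu.c\\Aa[", "nw5Fv-=hZI.u", "9_3Api@mrM8a"]:
        print(repr(sample), "->", unfriendly_chars(sample) or "ok")
    pw = generate_password()
    # A safe password survives shell-style word splitting as one unchanged token.
    print(pw, "pastes unquoted:", shlex.split(pw) == [pw])
    full = len(string.ascii_letters + string.digits + string.punctuation)
    print("bits at 12 chars: full=%.1f safe=%.1f"
          % (entropy_bits(12, full), entropy_bits(12, len(SAFE_ALPHABET))))
```

A password that begins with `-` is still shell-safe under this definition but may be parsed as an option by the command receiving it, so callers that pass it as an argument should account for that.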