------- Additional Comments From nhosoi(a)redhat.com 2006-11-28 13:04 EST -------
Created an attachment (id=142311)
cvs diff (passwd_extop.c)
Final diff of passwd_extop.c, which has been revised based upon Nathan's
review.
Reviewed by Nathan (Thank you!!)
Checked in to HEAD
Commit message:
Resolves: #216983
Summary: Make random password generation work with policies
Changes: 1) Generate a password that meets the current password syntax rules.
2) Report errors when Min8Bit is set or MinCategories > 4
CVS: ----------------------------------------------------------------------
CVS: Modified Files: passwd_extop.c
CVS: ----------------------------------------------------------------------
Checking in passwd_extop.c;
/cvs/dirsec/ldapserver/ldap/servers/slapd/passwd_extop.c,v <-- passwd_extop.c
new revision: 1.14; previous revision: 1.13
done
------- Additional Comments From nhosoi(a)redhat.com 2006-11-28 12:57 EST -------
Thank you so much, Nathan!
passwordMinCategories: 5
Client>
ldappasswd: Operations error
ldappasswd: additional info: Unable to generate new random password. Please
contact the Administrator.
Server>
[...] - Unable to generate a password that meets the current password syntax
rules. A minimum categories setting of 5 is not supported with random password
generation.
passwordMin8bit: 1
Client>
ldappasswd: Operations error
ldappasswd: additional info: Unable to generate new random password. Please
contact the Administrator.
Server>
[...] - Unable to generate a password that meets the current password syntax
rules. 8-bit syntax restrictions are not supported with random password generation.
------- Additional Comments From nhosoi(a)redhat.com 2006-11-27 18:58 EST -------
Created an attachment (id=142247)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142247&action=...)
cvs diff (passwd_extop.c)
Thank you to Nathan for the review and the discussion!
As you suggested, I changed the code to randomly choose the rest of the specified
characters (characters specified by, e.g., minuppers or mindigits). Also, I added
error messages to log in the errors log as well as to return to the client. Please
take a look at the next attachment for the messages.
------- Additional Comments From nhosoi(a)redhat.com 2006-11-27 19:04 EST -------
Created an attachment (id=142248)
--> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142248&action=...)
generated password sample + error messages
Added error messages are for
1. when passwordMinCategories is 5, which expects the generated password to
include 8-bit character(s). Password Generator does not support such a
password.
2. when passwordMin8Bit is set.
Also, fixed the bug pointed out by Nathan in Comment#3.
Lastly, the generated password sequence looks more randomized!
> Summary: Make random password generation work with policies
>
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983
>
> Description of problem:
> passwd_modify_generate_passwd (passwd_extop.c) always generates 8-byte random
> characters made by PK11_GenerateRandom and ldif_base64_encode. It needs to
> generate a password which follows the password policy if it's defined.
>
> ------- Additional Comments From nhosoi(a)redhat.com 2006-11-27 14:18 EST -------
> Created an attachment (id=142208)
> --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142208&action=...)
>
> cvs diff (passwd_extop.c)
>
> File:
> ldap/servers/slapd/passwd_extop.c
>
> Changes:
> 1. Renamed passwd_modify_generate_passwd to
> passwd_modify_generate_basic_passwd, whose algorithm is used when no specific
> password rule or just the minimum length is given.
> 2. If some other rules are set, passwd_modify_generate_policy_passwd is called
> and generates a password which fulfills the requirement.
>
> Note: this password generator does not support passwordMin8Bit. If it
> generates a password which includes 8-bit characters, most likely they won't be
> able to be displayed or input from the users' keyboard. We should note it in the
> doc...
>
> ------- Additional Comments From nhosoi(a)redhat.com 2006-11-27 14:21 EST -------
> Created an attachment (id=142213)
> --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142213&action=...)
>
> generated password sample
>
> Attached is the sample output from ldappasswd. Do you think this quality of
> the randomness satisfies the requirement?
>
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-devel mailing list
> Fedora-directory-devel(a)redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-devel
>
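The approach discussed in this thread (fill each class minimum, choose the remaining characters at random, shuffle, and refuse 8-bit or MinCategories > 4 policies), as an added sketch that is not part of the thread and is not the code in passwd_extop.c. The struct, function names, character sets and return codes are hypothetical; it assumes /dev/urandom in place of PK11_GenerateRandom and meets min_categories by forcing one character from each of the first N classes.

```c
#include <stdio.h>
#include <string.h>

struct pw_policy {   /* hypothetical; fields mirror the attributes in the thread */
    int min_length, min_uppers, min_lowers, min_digits, min_specials;
    int min_categories, min_8bit;
};
static const char *CLASSES[4] = {   /* constructed 7-bit character classes */
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ", "abcdefghijklmnopqrstuvwxyz",
    "0123456789", "!#$%&*+-=?@_"
};
/* Uniform value in [0, n), 1 <= n <= 256; rejection sampling avoids modulo bias. */
static int rand_below(FILE *rng, int n, int *err)
{
    int b, limit = 256 - (256 % n);
    do {
        if ((b = fgetc(rng)) == EOF) { *err = 1; return 0; }
    } while (b >= limit);
    return b % n;
}
/* Returns 0 on success, -1 for an unsupported policy, -2 on size or RNG error. */
int generate_policy_passwd(const struct pw_policy *p, char *out, size_t outsz)
{
    int need[4] = { p->min_uppers, p->min_lowers, p->min_digits, p->min_specials };
    int c, i, j, len = 0, pos = 0, err = 0;
    /* The generator emits 7-bit characters only, so these policies are refused. */
    if (p->min_8bit > 0 || p->min_categories > 4) return -1;
    for (c = 0; c < 4; c++) {       /* at least one char from enough classes */
        int floor_c = (c < p->min_categories) ? 1 : 0;
        if (need[c] < floor_c) need[c] = floor_c;
        if (need[c] > 255 || (len += need[c]) > 255) return -2;
    }
    if (len < p->min_length) len = p->min_length;
    if (len < 1 || len > 255 || (size_t)len >= outsz) return -2;
    FILE *rng = fopen("/dev/urandom", "rb");
    if (rng == NULL) return -2;
    for (c = 0; c < 4; c++)         /* mandatory characters per class */
        for (i = 0; i < need[c]; i++)
            out[pos++] = CLASSES[c][rand_below(rng, (int)strlen(CLASSES[c]), &err)];
    while (pos < len) {             /* the rest: random class, random character */
        c = rand_below(rng, 4, &err);
        out[pos++] = CLASSES[c][rand_below(rng, (int)strlen(CLASSES[c]), &err)];
    }
    for (i = len - 1; i > 0; i--) { /* Fisher-Yates shuffle hides class order */
        char t = out[i];
        j = rand_below(rng, i + 1, &err);
        out[i] = out[j]; out[j] = t;
    }
    out[len] = '\0'; fclose(rng);
    if (err) { memset(out, 0, outsz); return -2; }
    return 0;
}
```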