7:42 a.m.
Hi,
The initial-setup just after the installation of Fedora 25 (or any version) accepts weak
passwords for root and the other users created after the installation. I tried the
password 'a' and it accepted without any strict verification. Found this in Fedora
25, but I think it is the same for all versions, including Rawhide. Is this a bug ?
Thanks,
Jos Collin
8:48 a.m.
Strange,for me in install for root and first user in F25, I had to click
two times for accept a weak password
I think it's a bug, or it has to notify better to the user at least
En 26 de febrero de 2017 3:41:05 p. m. jcollin(a)redhat.com escribió:
Hi,
The initial-setup just after the installation of Fedora 25 (or any version)
accepts weak passwords for root and the other users created after the
installation. I tried the password 'a' and it accepted without any strict
verification. Found this in Fedora 25, but I think it is the same for all
versions, including Rawhide. Is this a bug ?
Thanks,
Jos Collin
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
1:09 p.m.
On Sun, 2017-02-26 at 15:48 +0100, kevin01010(a)gmail.com wrote:
Strange,for me in install for root and first user in F25, I had to
click
two times for accept a weak password
I think it's a bug, or it has to notify better to the user at least
Hi,
The confusion is that there are three different programs that you might
be creating your initial user in, and they behave differently:
(1) anaconda -- requires two clicks to confirm use of a weak password
(2) initial-setup -- no clue how this one works, I've never used it
(3) gnome-initial-setup -- completely disallows weak passwords due to
unresolved technical limitations (see [1], specifically any weak
password would be blocked by pam-pwquality)
I assume that Jos is really talking about initial-setup, since his
description of what occurred does not match my understanding of the
behavior of anaconda or gnome-initial-setup, and gnome-initial-setup is
only for creating an unprivileged user anyway. But I didn't realize you
could create a root account from initial-setup. So I'm not even
confident about which program this is about.
Michael
[1]
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.o...
10:33 a.m.
On Sun, 2017-02-26 at 13:42 +0000, jcollin(a)redhat.com wrote:
Hi,
The initial-setup just after the installation of Fedora 25 (or any
version) accepts weak passwords for root and the other users created
after the installation. I tried the password 'a' and it accepted
without any strict verification. Found this in Fedora 25, but I think
it is the same for all versions, including Rawhide.s a bug ?
I have just installed
Fedora 25 & latest Rawhide (netinst image) with
the KDE Environment, so that Initial Setup shows up (Gnome Initial
Setup shows up for the Fedora Workstation environment) after reboot.
In both cases Initial Setup shows up after the installation and
provides just the option to create a user.
Next I've tried to use "a" as password:
- Initial Setup tells me the password is weak
- I have to press done twice to confirm I'm OK with such a weak
password
This behavior looks quite correct to me - the user it told the password
is bad & has to confirm using it.
Also there has bee no option to set root password in Initial Setup. Are
you possibly using a kickstart with "firstboot --enable --reconfig"[0]
? That switches Initial Setup into reconfig mode where it *is* possible
to set a root password in it. The reconfig mode is also used by the
Fedora ARM images.
[0] http://pykickstart.readthedocs.io/en/latest/kickstart-docs.html#fir
stboot
>
> Thanks,
> Jos Collin
> _______________________________________________
> devel mailing list -- devel(a)lists.fedoraproject.org
> To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
12:20 p.m.
On Sun, Feb 26, 2017 at 01:42:41PM -0000, jcollin(a)redhat.com wrote:
Hi,
The initial-setup just after the installation of Fedora 25 (or any version) accepts weak
passwords for root and the other users created after the installation. I tried the
password 'a' and it accepted without any strict verification. Found this in Fedora
25, but I think it is the same for all versions, including Rawhide. Is this a bug ?
For the sake of those of us who install throwaway VMs for testing
all the time, please don't change this behaviour. If people want
to use stupid passwords, let them.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
2608
days inactive
2609
days old
4 comments
5 participants
participants (5)
-
jcollin@redhat.com -
kevin01010@gmail.com -
Martin Kolman -
Michael Catanzaro -
Richard W.M. Jones