[Freeipa-devel] [PATCH] confirm password
Pete Rowley
prowley at redhat.com
Fri Sep 7 17:50:42 UTC 2007
Karl MacMillan wrote:
> On Thu, 2007-09-06 at 14:27 -0700, Kevin McCarthy wrote:
>
>> After some feedback from Bob and Pete, I'm removing the password
>> generator and adding a confirm password field. (Just commented out for
>> now in case people change their mind)
>>
>>
>
> What was the rationale for this?
>
>
Generating passwords requires that the password be communicated to the
admin in the clear, which introduces shoulder surfers and screen scrapers
to the threat model. In addition, the password is not likely to be
memorable enough to not be written down somewhere, further
exposing it to risk of compromise.
--
Pete