[Freeipa-devel] [PATCH] confirm password
Karl MacMillan
kmacmill at redhat.com
Fri Sep 7 18:12:54 UTC 2007
On Fri, 2007-09-07 at 11:09 -0700, Pete Rowley wrote:
> Karl MacMillan wrote:
[...]
> >
> > Except that it is useful when generating accounts (especially a large
> > number) and then printing the account information to hand to the user.
> > We had discussed being able to generate a pdf with the account
> > information for this purpose.
> >
> >
> Generating a unique password and then printing it out for easy
> compromise seems like something we definitely shouldn't be doing or
> encouraging.
Why? I've used that setup many times before and as long as the printer
is secure it works very well. Just like it displaying the password on
the screen can be secure and very convenient, you just have to take
precautions.
> I believe current practice of setting the initial password
> tends to fall into two categories:
>
> 1) the end user is asked to type it in
> 2) it is deterministic
>
> Both options are covered by the ui as it now is with the caveat that the
> deterministic password must be typed in.
>
> I don't see this in the PRD, did I miss it?
>
Don't think it's covered in there.
Karl
More information about the Freeipa-devel
mailing list