[Freeipa-devel] [PATCH] 26 Fix '--random' param behaviour for host plugin
Martin Kosek
mkosek at redhat.com
Fri Jun 15 05:36:54 UTC 2012
On Thu, 2012-06-14 at 16:35 -0400, Rob Crittenden wrote:
> Ondrej Hamada wrote:
> > Improved options checking so that host-mod operation is not changing
> > password for enrolled host when '--random' option is used.
> >
> > https://fedorahosted.org/freeipa/ticket/2799
> >
> > Updated set of characters that is used for generating random passwords
> > for ipa hosts. Following characters were removed from the set: '"`\$<>
> >
> > https://fedorahosted.org/freeipa/ticket/2800
>
> This works ok but it would be nice to have a test for both setting a
> password and random on an enrolled host to prevent regressions. We have
> some ipa-getkeytab tests already and these can be extended to test this
> I think.
>
> Might be nice to mention in the inline comment the set of characters
> excluded and why.
>
> rob
>
We already generate passwords for users with this character set:
user_pwdchars = string.digits + string.ascii_letters + '_,. at +-='
Why would we want to generate passwords for host enrolling with a
different set? Additionally, I think the set of characters you chose is
too wide, try entering a passwords with ' ', !, (, ), &, or ; without
careful escaping or quoting...
Martin
More information about the Freeipa-devel
mailing list