[Freeipa-devel] [PATCH] 26 Fix '--random' param behaviour for host plugin
Ondrej Hamada
ohamada at redhat.com
Wed Jun 20 15:43:33 UTC 2012
On 06/15/2012 07:36 AM, Martin Kosek wrote:
> On Thu, 2012-06-14 at 16:35 -0400, Rob Crittenden wrote:
>> Ondrej Hamada wrote:
>>> Improved options checking so that host-mod operation is not changing
>>> password for enrolled host when '--random' option is used.
>>>
>>> https://fedorahosted.org/freeipa/ticket/2799
>>>
>>> Updated set of characters that is used for generating random passwords
>>> for ipa hosts. Following characters were removed from the set: '"`\$<>
>>>
>>> https://fedorahosted.org/freeipa/ticket/2800
>> This works ok but it would be nice to have a test for both setting a
>> password and random on an enrolled host to prevent regressions. We have
>> some ipa-getkeytab tests already and these can be extended to test this
>> I think.
>>
>> Might be nice to mention in the inline comment the set of characters
>> excluded and why.
>>
>> rob
>>
I've added new test class into test_host_plugin.py that takes care of
that. Just there is a problem that the ipa-join command always fails on
'adding key into keytab'. But the attributes necessary for testing are
set correctly, so the testing can continue.
> We already generate passwords for users with this character set:
> user_pwdchars = string.digits + string.ascii_letters + '_,. at +-='
>
> Why would we want to generate passwords for host enrolling with a
> different set? Additionally, I think the set of characters you chose is
> too wide, try entering a passwords with ' ', !, (, ), &, or ; without
> careful escaping or quoting...
>
> Martin
>
Ok, I've used the same set of characters as for the user passwords.
--
Regards,
Ondrej Hamada
FreeIPA team
jabber: ohama at jabbim.cz
IRC: ohamada
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-ohamada-26-2-Change-random-passwords-behaviour.patch
Type: text/x-patch
Size: 6316 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20120620/09d49bba/attachment.bin>
More information about the Freeipa-devel
mailing list