<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=UTF-8" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
<pre wrap="">Summary: Make random password generation work with policies
<a class="moz-txt-link-freetext"
href="https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983">https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983</a>
------- Additional Comments From <a class="moz-txt-link-abbreviated"
href="mailto:nhosoi@redhat.com">nhosoi@redhat.com</a> 2006-11-27 18:58 EST -------
Created an attachment (id=142247)
--> (<a class="moz-txt-link-freetext"
href="https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142247&action=view">https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142247&action=view</a>)
cvs diff (passwd_extop.c)
Thank you to Nathan for the review and the discussion!
As you suggested, I changed the code to randomly choose the rest of the specified
characters (characters specified by, e.g., minuppers or mindigits). Also, I added
error messages to log in the errors log as well as to return to the client. Please
take a look at the next attachment for the messages.
------- Additional Comments From <a class="moz-txt-link-abbreviated"
href="mailto:nhosoi@redhat.com">nhosoi@redhat.com</a> 2006-11-27 19:04 EST -------
Created an attachment (id=142248)
--> (<a class="moz-txt-link-freetext"
href="https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142248&action=view">https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142248&action=view</a>)
generated password sample + error messages
Added error messages are for
1. when passwordMinCategories is 5, which expects the generated password to
include 8-bit character(s). Password Generator does not support such a
password.
2. when passwordMin8Bit is set.
Also, fixed the bug pointed out by Nathan in Comment#3.
Lastly, the generated password sequence looks more randomized!
</pre>
<blockquote cite="mid:456B3C0F.9020104@redhat.com" type="cite">Summary:
Make random password generation work with policies
<br>
<br>
<a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983">https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983</a>
<br>
<br>
Description of problem:
<br>
passwd_modify_generate_passwd (passwd_extop.c) always generates 8-bytes
random
<br>
characters made by PK11_GenerateRandom and ldif_base64_encode. It
needs to
<br>
generate a password which follows the password policy if it's defined.
<br>
<br>
------- Additional Comments From <a class="moz-txt-link-abbreviated" href="mailto:nhosoi@redhat.com">nhosoi@redhat.com</a> 2006-11-27 14:18
EST -------
<br>
Created an attachment (id=142208)
<br>
-->
(<a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142208&action=view">https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142208&action=view</a>)
<br>
cvs diff (passwd_extop.c)
<br>
<br>
File:
<br>
ldap/servers/slapd/passwd_extop.c
<br>
<br>
Changes:
<br>
1. Renamed passwd_modify_generate_passwd to
<br>
passwd_modify_generate_basic_passwd, which algorithm is used when no
specific
<br>
password rule or just the minimum length is given.
<br>
2. If some other rules are set, passwd_modify_generate_policy_passwd is
called
<br>
and generates a password which fulfills the requirement.
<br>
<br>
Note: this password generator does not support passwordMin8Bit. If it
<br>
generates a password which includes 8-bit characters, most likely they
won't be
<br>
able to be displayed or input from the users' keyboard. We should note
it in the
<br>
doc...
<br>
<br>
------- Additional Comments From <a class="moz-txt-link-abbreviated" href="mailto:nhosoi@redhat.com">nhosoi@redhat.com</a> 2006-11-27 14:21
EST -------
<br>
Created an attachment (id=142213)
<br>
-->
(<a class="moz-txt-link-freetext" href="https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142213&action=view">https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142213&action=view</a>)
<br>
generated password sample
<br>
<br>
Attached is the sample output from ldappasswd. Do you think this
quality of
<br>
the randomness satisfies the requirement? <br>
<br>
<pre wrap="">
<hr size="4" width="90%">
--
Fedora-directory-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Fedora-directory-devel@redhat.com">Fedora-directory-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/fedora-directory-devel">https://www.redhat.com/mailman/listinfo/fedora-directory-devel</a>
</pre>
</blockquote>
<br>
</body>
</html>