[Freeipa-devel] [PATCH] confirm password
Karl MacMillan
kmacmill at redhat.com
Fri Sep 7 17:54:22 UTC 2007
On Fri, 2007-09-07 at 10:50 -0700, Pete Rowley wrote:
> Karl MacMillan wrote:
> > On Thu, 2007-09-06 at 14:27 -0700, Kevin McCarthy wrote:
> >
> >> After some feedback from Bob and Pete, I'm removing the password
> >> generator and adding a confirm password field. (Just commented out for
> >> now in case people change their mind)
> >>
> >>
> >
> > What was the rationale for this?
> >
> >
> Generating passwords requires that the password be communicated to the
> admin in the clear which introduces shoulder surfers and screen scrapers
> to the threat model. In addition the password is not likely to be
> memorable enough to not be written down somewhere, and so further
> exposing it to risk of compromise.
>
Except that it is useful when generating accounts (especially a large
number) and then printing the account information to hand to the user.
We had discussed being able to generate a PDF with the account
information for this purpose.
Karl