[Freeipa-devel] [PATCH] 0002 Improve password validity check
David Kupka
dkupka at redhat.com
Mon Jul 21 14:08:55 UTC 2014
On 07/18/2014 12:52 PM, Martin Kosek wrote:
> On 07/18/2014 12:33 PM, David Kupka wrote:
>> https://fedorahosted.org/freeipa/ticket/2796
>
> 1) Would it be easier/more convenient to just implement following simple check
> instead of bad_prefix/bad_suffix?
>
> if password.strip() != password:
> raise ValueError('Password must not start or end with whitespace')
>
Yes it would. Edited patch attached.
>
> 2) The main goal of the ticket 2796 was not fixed yet. It sometimes happen that
> when installation crashes somewhere right after pkicreate, it does not record
> and and does not uninstall the PKI component during "ipa-server-install
> --uninstall".
>
> You may artificially invoke some crash in cainstance.py after pkicreate to test
> it. When fixing it, check how is_configured() in Service object works an how
> self.backup_state is called in other service modules (like dsinstance.py) where
> the detection works correctly.
You're completely right, Martin. I was unable to reproduce the bug (to
force pkicreate/pkispawn to fail) so I thought that it was fixed by the
password restriction.
Then I discovered that most of the banned characters for password are no
longer causing troubles a focused on this. But it's yet another issue.
>
> Martin
>
--
David Kupka
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-dkupka-0002-2-Improve-password-validity-check.patch
Type: text/x-patch
Size: 2731 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20140721/005aa72e/attachment.bin>
More information about the Freeipa-devel
mailing list