[Freeipa-devel] [freeipa PR#317][comment] Unify password generation across FreeIPA
stlaz
freeipa-github-notification at redhat.com
Thu Dec 8 15:03:38 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/317
Title: #317: Unify password generation across FreeIPA
stlaz commented:
"""
@simo5 I was actually trying to get rid of SHA-1 and I am aware that entropy will not be raised, that part of the code draw a smile on some of our faces here, really :)
As for the spaces, I did not encounter issues with them in password.conf files which is awesome but I agree they're potentially dangerous. However, removing them from default set of password chars would not make our life easier as the check would have to stay there in case someone passes them as a possible character as an argument to ipa_generate_password (although they should probably know what they're doing, right?).
We may be able to get rid off the `characters` argument should the cases where it's used are found invalid though (currently in `host`, `user` passwords and in `dnskeysync`).
@tiran Regarding sha1 - did you see the patch? ;) However I agree that the length is not a good argument for password-generating function, I will have a look at transforming it to entropy.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/317#issuecomment-265761543
More information about the Freeipa-devel
mailing list