
Re: [PATCH]Validation of root password with cracklib



Matthew Miller wrote:
On Mon, Dec 17, 2007 at 11:07:04AM +0900, HARA Hiroshi wrote:
"Bad password" is too vague. This message needs to explain that the password
isn't strong enough to meet some basic tests, not just that it's bad.
I see. As you said, only "Bad password" is too vague, but "msg" can explain something.

Right. Perhaps starting with "Weak Password" as the caption, and then
explaining a bit more.
Thank you, so I changed the caption from "Bad Password" to
"Weak Password". (But the other messages are the same as the passwd command's.)


2-1. If "No" button is pressed, you need to retry to input a password.
2-2. If "Yes" button is pressed, you do NOT need to retry to input a
     password, you can use a dictionary word password like "anaconda".
I'm sorry for my poor English, and if I misunderstood what you mean,
please let me know.

I understand that as a reasonable compromise behavior, but in the CDs I give
out to people, I'd prefer there not to be any option to use a dictionary
word at all. (If there's a way to shoot themselves in the foot, people will
take it.)
Thank you. I see, so I'll reconsider the options later.

Currently I think that it is better for the behavior of root password
validation to be similar to the passwd command.
The passwd command can continue with a weak password for "root" (with only a warning).
(The passwd command cannot continue with a weak password for non-privileged users.)

thanks,

(The attached patch changes the caption from "Bad Password" to "Weak Password".)

diff --git a/textw/userauth_text.py b/textw/userauth_text.py
old mode 100644
new mode 100755
index 97092c3..b8b5bcd
--- a/textw/userauth_text.py
+++ b/textw/userauth_text.py
@@ -71,7 +71,19 @@ class RootPasswordWindow:
                          "which are not allowed."),
 		       buttons = [ TEXT_OK_BUTTON ], width = 50)
             else:
-                break
+                import cracklib
+                msg = cracklib.FascistCheck(entry1.value())
+                if msg is not None:
+                    ret = anaconda.intf.messageWindow(_("Weak Password"),
+                                                  _("BAD PASSWORD: %s"
+                                                    "\n\n"
+                                                    "Would you like to continue with this "
+                                                    "password?" % (msg, )),
+                                                  type = "yesno")
+                    if ret == 1:
+                        break
+                else:
+                    break
 
             entry1.set ("")
             entry2.set ("")
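Review bot: In the added messageWindow call the `% (msg, )` sits inside the `_()` parentheses, so gettext is asked to look up the already-interpolated string and no catalog entry will ever match it. Close `_()` after the string literal and interpolate afterwards, i.e. `_("BAD PASSWORD: %s\n\nWould you like to continue with this password?") % (msg, )`. The `import cracklib` inside the else branch would also read better at the top of the module, and because `if ret == 1: break` accepts the weak root password, the "Yes" override raised in the thread is the policy question to settle before this goes in.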
diff --git a/iw/account_gui.py b/iw/account_gui.py
old mode 100644
new mode 100755
index 893df11..1f3a3fd
--- a/iw/account_gui.py
+++ b/iw/account_gui.py
@@ -63,6 +63,18 @@ class AccountWindow (InstallWindow):
                                       "six characters long."),
                                     custom_icon="error")
             passwordError()
+
+        import cracklib
+        msg = cracklib.FascistCheck(pw)
+        if msg is not None:
+            ret = self.intf.messageWindow(_("Weak Password"),
+                                          _("BAD PASSWORD: %s"
+                                            "\n\n"
+                                            "Would you like to continue with this "
+                                            "password?" % (msg, )),
+                                          type = "yesno")
+            if ret == 0:
+                passwordError()
         
         allowed = string.digits + string.ascii_letters + string.punctuation + " "
         for letter in pw:
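Review bot: The cracklib check is inserted before the allowed-character loop (`for letter in pw:`), so the user is asked to confirm a weak password before the remaining validation has run; moving the check after that loop asks the question only about a password that is otherwise acceptable. The message has the same `%` inside `_()` placement as in textw/userauth_text.py, and the dialog is now duplicated in two files with opposite tests (`ret == 0` here, `ret == 1` there), so a shared helper would keep the wording and the yes/no handling from drifting apart.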
diff --git a/scripts/upd-instroot b/scripts/upd-instroot
index 6a39cb4..c366630 100755
--- a/scripts/upd-instroot
+++ b/scripts/upd-instroot
@@ -254,7 +254,8 @@ PACKAGES="glibc-common setup python newt slang libselinux
 	 libdhcp libnl libdhcp6client libdhcp4client newt-python
 	 device-mapper device-mapper-libs dmraid keyutils-libs libsemanage-python
 	 python-pyblock mkinitrd libbdevid libbdevid-python nss nspr pcre
-	 cryptsetup-luks libgcrypt libgpg-error udev udev-static dbus dbus-python hal"
+	 cryptsetup-luks libgcrypt libgpg-error udev udev-static dbus dbus-python hal
+	 cracklib-python"
 
 if [ $ARCH = i386 ]; then
     PACKAGES="$PACKAGES glibc.i386 openssl.i386"
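Review bot: PACKAGES gains only cracklib-python in this hunk, but FascistCheck also needs the cracklib dictionary files at run time. Please confirm that cracklib-dicts (and its files in the keep list) ends up in the install image, otherwise the check cannot work inside the installer.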
@@ -517,6 +518,7 @@ usr/lib/python?.?/site-packages/repomd
 usr/lib/python?.?/site-packages/pirut
 usr/lib/python?.?/site-packages/pykickstart
 usr/lib/python?.?/site-packages/rhpxl
+usr/lib/python?.?/site-packages/cracklibmodule.so
 usr/lib/rpm/macros
 usr/lib/rpm/rpmpopt
 usr/lib/rpm/rpmrc
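Review bot: The added keep-list entry is a compiled extension module listed under usr/lib, while the neighbouring entries are pure-Python package directories. On 64-bit architectures the module is installed under usr/lib64, so this path would not match there; use the script's architecture-specific library directory for this entry.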
