[Fedora-directory-devel] Request for reviews and comments: [Bug 216983] New: Make random password generation work with policies

Noriko Hosoi nhosoi at redhat.com
Mon Nov 27 19:27:11 UTC 2006


Summary: Make random password generation work with policies

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=216983

Description of problem:
passwd_modify_generate_passwd (passwd_extop.c) always generates 8-byte random
characters made by PK11_GenerateRandom and ldif_base64_encode.  It needs to
generate a password which follows the password policy if it's defined.

------- Additional Comments From nhosoi at redhat.com  2006-11-27 14:18 EST -------
Created an attachment (id=142208)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142208&action=view)
cvs diff (passwd_extop.c)

File:
 ldap/servers/slapd/passwd_extop.c

Changes:
1. Renamed passwd_modify_generate_passwd to
passwd_modify_generate_basic_passwd, whose algorithm is used when no specific
password rule or just the minimum length is given.
2. If some other rules are set, passwd_modify_generate_policy_passwd is called
and generates a password which fulfills the requirement.

Note: this password generator does not support passwordMin8Bit.  If it
generates a password which includes 8-bit characters, most likely they won't be
able to be displayed or input from the users' keyboard.  We should note it in the
doc...

------- Additional Comments From nhosoi at redhat.com  2006-11-27 14:21 EST -------
Created an attachment (id=142213)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=142213&action=view)
generated password sample

Attached is the sample output from ldappasswd. Do you think this quality of
the randomness satisfies the requirement? 
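
Added example, not the attached patch or Fedora Directory Server code: one way to generate a password that meets per-class minimums, as change 2 describes, using only 7-bit characters. The struct pw_policy, the function names, the special-character set and the use of /dev/urandom in place of PK11_GenerateRandom are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#define DIGITS   "0123456789"
#define UPPERS   "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
#define LOWERS   "abcdefghijklmnopqrstuvwxyz"
#define SPECIALS "!@#$%^&*()-_=+"   /* assumed set; 7-bit only */

/* Hypothetical policy: minimum length plus per-class minimum counts. */
struct pw_policy { int min_len, min_digits, min_uppers, min_lowers, min_specials; };

/* Uniform value in [0, n), 1 <= n <= 256, or -1; /dev/urandom stands in for PK11_GenerateRandom. */
static int rand_below(int n) {
    static FILE *f;
    int b, limit = 256 - (256 % n);
    if (!f && !(f = fopen("/dev/urandom", "rb"))) return -1;
    do {
        if ((b = fgetc(f)) == EOF) return -1;
    } while (b >= limit);                 /* rejection sampling: no modulo bias */
    return b % n;
}

int count_class(const char *pw, const char *set) {   /* chars of pw found in set */
    int n = 0;
    while (*pw) n += strchr(set, *pw++) != NULL;
    return n;
}

/* Writes a NUL-terminated password satisfying p; returns its length or -1. */
int generate_policy_passwd(const struct pw_policy *p, char *buf, size_t buflen) {
    const char *sets[5] = { DIGITS, UPPERS, LOWERS, SPECIALS, DIGITS UPPERS LOWERS SPECIALS };
    int mins[5] = { p->min_digits, p->min_uppers, p->min_lowers, p->min_specials, 0 };
    int need = 0, len, i = 0, c, k, r;
    for (c = 0; c < 4; need += mins[c++])
        if (mins[c] < 0 || mins[c] > 255) return -1;
    len = need > p->min_len ? need : p->min_len;
    if (len < 1 || len > 255 || (size_t)len >= buflen) return -1;
    mins[4] = len - need;                 /* padding drawn from the full alphabet */
    for (c = 0; c < 5; c++)
        for (k = 0; k < mins[c]; k++) {
            if ((r = rand_below((int)strlen(sets[c]))) < 0) return -1;
            buf[i++] = sets[c][r];
        }
    for (i = len - 1; i > 0; i--) {       /* Fisher-Yates shuffle: no fixed class positions */
        if ((r = rand_below(i + 1)) < 0) return -1;
        char tmp = buf[i]; buf[i] = buf[r]; buf[r] = tmp;
    }
    buf[len] = '\0';
    return len;
}
```

When the per-class minimums add up to more than min_len, the password is lengthened to fit them rather than rejected.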

