On Thu, 2012-06-14 at 16:35 -0400, Rob Crittenden wrote:
> Ondrej Hamada wrote:
> > Improved options checking so that host-mod operation is not changing
> > password for enrolled host when '--random' option is used.
> > https://fedorahosted.org/freeipa/ticket/2799
> > Updated set of characters that is used for generating random passwords
> > for ipa hosts. Following characters were removed from the set: '"`\$<>
> > https://fedorahosted.org/freeipa/ticket/2800
> This works ok but it would be nice to have a test for both setting a
> password and random on an enrolled host to prevent regressions. We have
> some ipa-getkeytab tests already and these can be extended to test this
> I think.
> Might be nice to mention in the inline comment the set of characters
> excluded and why.
We already generate passwords for users with this character set:
user_pwdchars = string.digits + string.ascii_letters + '_,.@+-='
Why would we want to generate passwords for host enrolling with a
different set? Additionally, I think the set of characters you chose is
too wide, try entering a passwords with ' ', !, (, ), &, or ; without
careful escaping or quoting...
Freeipa-devel mailing list