Title: #403: Add new ipa passwd-generate command
@redhatrises, could you please explain more why you need this command as it is?
FreeIPA allows to have multiple password policies. If you want to generate
passwords that conform to a particular policy, it would be more reasonable to
retrieve the password policy and use it to supply as arguments of the password
The generated password does not need to be transferred over the network. As you
are adding a command to IPA, it could be a client-side plugin because Python
client side code always has access to ipapython.util module.
There could be multiple password generators. For example, on Linux systems you
can simply use `pwqgen` utility from passwdqc package to generate passwords
compatible with FreeIPA password policies. Granted, a configuration file needs
to be created that translates a FreeIPA password policy but this is at least
something that a command in IPA could do on the client side after fetching a
If the password generation is based on a particular policy and is moved to the
client side, why not creating a plugin to ipa-advise instead? It would actually
generate a script that calls pwqgen or other generator tool. This would be more
useful to other environments as the script would also contain a reference to
the password policy parameters and can be run independent of the FreeIPA
Let me know what do you think about it.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code