URL: https://github.com/freeipa/freeipa/pull/403 Title: #403: Add new ipa passwd-generate command
abbra commented: """ @redhatrises, could you please explain more why you need this command as it is? FreeIPA allows to have multiple password policies. If you want to generate passwords that conform to a particular policy, it would be more reasonable to retrieve the password policy and use it to supply as arguments of the password generator. The generated password does not need to be transferred over the network. As you are adding a command to IPA, it could be a client-side plugin because Python client side code always has access to ipapython.util module. There could be multiple password generators. For example, on Linux systems you can simply use `pwqgen` utility from passwdqc package to generate passwords compatible with FreeIPA password policies. Granted, a configuration file needs to be created that translates a FreeIPA password policy but this is at least something that a command in IPA could do on the client side after fetching a policy. If the password generation is based on a particular policy and is moved to the client side, why not creating a plugin to ipa-advise instead? It would actually generate a script that calls pwqgen or other generator tool. This would be more useful to other environments as the script would also contain a reference to the password policy parameters and can be run independent of the FreeIPA infrastructure. Let me know what do you think about it. """ See the full comment at https://github.com/freeipa/freeipa/pull/403#issuecomment-274505035
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
