URL: https://github.com/freeipa/freeipa/pull/403
Title: #403: Add new ipa passwd-generate command

redhatrises commented:
Sorry for the delayed response.

This is useful for environments where utilities like `pwgen` may not be allowed 
to be installed due to compliance/environment reasons. It is also especially 
useful for handling service accounts whose passwords have to be changed 
regularly or for managing passwords for shared user accounts where user's only 
access to the accounts is through sudo. Plus if no one is logging into the 
accounts, service or user, which are required to have passwords change 
regularly, why not have the authentication tool come up with one that is 
sufficient for the organizational requirements (28 different random different 
passwords) without having to come up with a password or having to remember x 
utility (which may not be allowed to be installed) from doing it? 

However, the final iteration of this (which I have not added yet) is to add 
`--user` and/or `--service-account` to handle changing those passwords with a 
generated password for user accounts or service accounts. Another option would 
be to just add an option that behaves the same way such as `--generate` to `ipa 
passwd` e.g. `ipa passwd user1 --generate`

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to