Re: [Freeipa-devel] [PATCH 0559] Increase default length of auto-generated passwords
On 29.07.2016 18:19, Alexander Bokovoy wrote: On Fri, 29 Jul 2016, Martin Basti wrote: On 29.07.2016 17:09, Alexander Bokovoy wrote: > On Fri, 29 Jul 2016, Martin Basti wrote: > > https://fedorahosted.org/freeipa/ticket/6116 > > > > > > Patch attached > > > > > From ca5305e032137b7c9197d0c1050191079a72124e Mon Sep 17 00:00:00 2001 > > From: Martin Basti > > Date: Fri, 22 Jul 2016 16:41:29 +0200 > > Subject: [PATCH] Increase default length of auto generated passwords > > > > Installer/IPA generates passwords for warious purpose: > > * KRA > > * kerberos master key > > * NSSDB password > > * temporary passwords during installation > > > > Length of passwords should be increased to 22, ~128bits of entropy, to > > be safe nowadays. > > > > https://fedorahosted.org/freeipa/ticket/6116 > ACK with a minor comment. > > > --- > > ipapython/ipautil.py | 2 +- > > ipaserver/plugins/baseuser.py | 3 ++- > > ipaserver/plugins/host.py | 3 ++- > > ipaserver/plugins/stageuser.py | 3 ++- > > ipaserver/plugins/user.py | 3 ++- > > 5 files changed, 9 insertions(+), 5 deletions(-) > > > > diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py > > index 9964fba4f694b57242b3bd3065a418917d977533..ca7e81d666cd6c345bdbbf4660c3451ac1f2c045 > > 100644 > > --- a/ipapython/ipautil.py > > +++ b/ipapython/ipautil.py > > @@ -57,7 +57,7 @@ from ipapython.dn import DN > > SHARE_DIR = paths.USR_SHARE_IPA_DIR > > PLUGINS_SHARE_DIR = paths.IPA_PLUGINS > > > > -GEN_PWD_LEN = 12 > > +GEN_PWD_LEN = 22 > It would be good to add a temporary password constant too > +GEN_TMP_PWD_LEN = 12 > > and then use it instead of pwd_len=12 below. > > > # Having this in krb_utils would cause circular import > > KRB5_KDC_UNREACH = 2529639068 # Cannot contact any KDC for requested > > realm > > diff --git a/ipaserver/plugins/baseuser.py > > b/ipaserver/plugins/baseuser.py > > index e4288a5a131157815ffb2452692a7edb342f6ac3..5e0752c8d3d246fa7c283f05b82ef01de2e5bf34 > > 100644 > > --- a/ipaserver/plugins/baseuser.py > > +++ b/ipaserver/plugins/baseuser.py > > @@ -552,7 +552,8 @@ class baseuser_mod(LDAPUpdate): > > > > def check_userpassword(self, entry_attrs, **options): > > if 'userpassword' not in entry_attrs and options.get('random'): > > -entry_attrs['userpassword'] = > > ipa_generate_password(baseuser_pwdchars) > > +entry_attrs['userpassword'] = ipa_generate_password( > > +baseuser_pwdchars, pwd_len=12) > > # save the password so it can be displayed in post_callback > > setattr(context, 'randompassword', > > entry_attrs['userpassword']) > > > > diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py > > index 413dcf15e0423170d8334902b9dcf8fb5aa14de6..1cefb6224e1a6dad0080369edee35c4524e5bd39 > > 100644 > > --- a/ipaserver/plugins/host.py > > +++ b/ipaserver/plugins/host.py > > @@ -683,7 +683,8 @@ class host_add(LDAPCreate): > > if 'krbprincipal' in entry_attrs['objectclass']: > > entry_attrs['objectclass'].remove('krbprincipal') > > if options.get('random'): > > -entry_attrs['userpassword'] = > > ipa_generate_password(characters=host_pwd_chars) > > +entry_attrs['userpassword'] = ipa_generate_password( > > +characters=host_pwd_chars, pwd_len=12) > > # save the password so it can be displayed in post_callback > > setattr(context, 'randompassword', > > entry_attrs['userpassword']) > > certs = options.get('usercertificate', []) > > diff --git a/ipaserver/plugins/stageuser.py > > b/ipaserver/plugins/stageuser.py > > index 3b9388f6020b9a6c40caedd36f3640a05a13da65..6df189c3913171b4990ce115b296b19c7447592d > > 100644 > > --- a/ipaserver/plugins/stageuser.py > > +++ b/ipaserver/plugins/stageuser.py > > @@ -339,7 +339,8 @@ class stageuser_add(baseuser_add): > > > > # If requested, generate a userpassword > > if 'userpassword' not in entry_attrs and options.get('random'): > > -entry_attrs['userpassword'] = > > ipa_generate_password(baseuser_pwdchars) > > +entry_attrs['userpassword'] = ipa_generate_password( > > +baseuser_pwdchars, pwd_len=12) > > # save the password so it can be displayed in post_callback > > setattr(context, 'randompassword', > > entry_attrs['userpassword']) > > > > diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py > > index b3ae7646fdcfa1dce10d90063dae2a24c091e8ee..62ec529062c7ac39661df2a8c3d2277711268b11 > > 100644 > > --- a/ipaserver/plugins/user.py > > +++ b/ipaserver/plugins/user.py > > @@ -517,7 +517,8 @@ class user_add(baseuser_add): > > entry_attrs['gidnumber'] = group_attrs['gidnumber'] > > > > if 'userpassword' not in entry_attrs and options.get('random'): > > -entry_attrs['userpassword'] = > > ipa_generate_password(baseuser_pwdchars) > > +entry_attrs['userpa
Re: [Freeipa-devel] [PATCH 0559] Increase default length of auto-generated passwords
On Fri, 29 Jul 2016, Martin Basti wrote: On 29.07.2016 17:09, Alexander Bokovoy wrote: > On Fri, 29 Jul 2016, Martin Basti wrote: > > https://fedorahosted.org/freeipa/ticket/6116 > > > > > > Patch attached > > > > > From ca5305e032137b7c9197d0c1050191079a72124e Mon Sep 17 00:00:00 2001 > > From: Martin Basti > > Date: Fri, 22 Jul 2016 16:41:29 +0200 > > Subject: [PATCH] Increase default length of auto generated passwords > > > > Installer/IPA generates passwords for warious purpose: > > * KRA > > * kerberos master key > > * NSSDB password > > * temporary passwords during installation > > > > Length of passwords should be increased to 22, ~128bits of entropy, to > > be safe nowadays. > > > > https://fedorahosted.org/freeipa/ticket/6116 > ACK with a minor comment. > > > --- > > ipapython/ipautil.py | 2 +- > > ipaserver/plugins/baseuser.py | 3 ++- > > ipaserver/plugins/host.py | 3 ++- > > ipaserver/plugins/stageuser.py | 3 ++- > > ipaserver/plugins/user.py | 3 ++- > > 5 files changed, 9 insertions(+), 5 deletions(-) > > > > diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py > > index 9964fba4f694b57242b3bd3065a418917d977533..ca7e81d666cd6c345bdbbf4660c3451ac1f2c045 > > 100644 > > --- a/ipapython/ipautil.py > > +++ b/ipapython/ipautil.py > > @@ -57,7 +57,7 @@ from ipapython.dn import DN > > SHARE_DIR = paths.USR_SHARE_IPA_DIR > > PLUGINS_SHARE_DIR = paths.IPA_PLUGINS > > > > -GEN_PWD_LEN = 12 > > +GEN_PWD_LEN = 22 > It would be good to add a temporary password constant too > +GEN_TMP_PWD_LEN = 12 > > and then use it instead of pwd_len=12 below. > > > # Having this in krb_utils would cause circular import > > KRB5_KDC_UNREACH = 2529639068 # Cannot contact any KDC for requested > > realm > > diff --git a/ipaserver/plugins/baseuser.py > > b/ipaserver/plugins/baseuser.py > > index e4288a5a131157815ffb2452692a7edb342f6ac3..5e0752c8d3d246fa7c283f05b82ef01de2e5bf34 > > 100644 > > --- a/ipaserver/plugins/baseuser.py > > +++ b/ipaserver/plugins/baseuser.py > > @@ -552,7 +552,8 @@ class baseuser_mod(LDAPUpdate): > > > > def check_userpassword(self, entry_attrs, **options): > > if 'userpassword' not in entry_attrs and options.get('random'): > > -entry_attrs['userpassword'] = > > ipa_generate_password(baseuser_pwdchars) > > +entry_attrs['userpassword'] = ipa_generate_password( > > +baseuser_pwdchars, pwd_len=12) > > # save the password so it can be displayed in post_callback > > setattr(context, 'randompassword', > > entry_attrs['userpassword']) > > > > diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py > > index 413dcf15e0423170d8334902b9dcf8fb5aa14de6..1cefb6224e1a6dad0080369edee35c4524e5bd39 > > 100644 > > --- a/ipaserver/plugins/host.py > > +++ b/ipaserver/plugins/host.py > > @@ -683,7 +683,8 @@ class host_add(LDAPCreate): > > if 'krbprincipal' in entry_attrs['objectclass']: > > entry_attrs['objectclass'].remove('krbprincipal') > > if options.get('random'): > > -entry_attrs['userpassword'] = > > ipa_generate_password(characters=host_pwd_chars) > > +entry_attrs['userpassword'] = ipa_generate_password( > > +characters=host_pwd_chars, pwd_len=12) > > # save the password so it can be displayed in post_callback > > setattr(context, 'randompassword', > > entry_attrs['userpassword']) > > certs = options.get('usercertificate', []) > > diff --git a/ipaserver/plugins/stageuser.py > > b/ipaserver/plugins/stageuser.py > > index 3b9388f6020b9a6c40caedd36f3640a05a13da65..6df189c3913171b4990ce115b296b19c7447592d > > 100644 > > --- a/ipaserver/plugins/stageuser.py > > +++ b/ipaserver/plugins/stageuser.py > > @@ -339,7 +339,8 @@ class stageuser_add(baseuser_add): > > > > # If requested, generate a userpassword > > if 'userpassword' not in entry_attrs and options.get('random'): > > -entry_attrs['userpassword'] = > > ipa_generate_password(baseuser_pwdchars) > > +entry_attrs['userpassword'] = ipa_generate_password( > > +baseuser_pwdchars, pwd_len=12) > > # save the password so it can be displayed in post_callback > > setattr(context, 'randompassword', > > entry_attrs['userpassword']) > > > > diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py > > index b3ae7646fdcfa1dce10d90063dae2a24c091e8ee..62ec529062c7ac39661df2a8c3d2277711268b11 > > 100644 > > --- a/ipaserver/plugins/user.py > > +++ b/ipaserver/plugins/user.py > > @@ -517,7 +517,8 @@ class user_add(baseuser_add): > > entry_attrs['gidnumber'] = group_attrs['gidnumber'] > > > > if 'userpassword' not in entry_attrs and options.get('random'): > > -entry_attrs['userpassword'] = > > ipa_generate_password(baseuser_pwdchars) > > +entry_attrs['userpassword'] = ipa_generate_password( > > +
Re: [Freeipa-devel] [PATCH 0559] Increase default length of auto-generated passwords
On 29.07.2016 17:09, Alexander Bokovoy wrote: On Fri, 29 Jul 2016, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/6116 Patch attached From ca5305e032137b7c9197d0c1050191079a72124e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Fri, 22 Jul 2016 16:41:29 +0200 Subject: [PATCH] Increase default length of auto generated passwords Installer/IPA generates passwords for warious purpose: * KRA * kerberos master key * NSSDB password * temporary passwords during installation Length of passwords should be increased to 22, ~128bits of entropy, to be safe nowadays. https://fedorahosted.org/freeipa/ticket/6116 ACK with a minor comment. --- ipapython/ipautil.py | 2 +- ipaserver/plugins/baseuser.py | 3 ++- ipaserver/plugins/host.py | 3 ++- ipaserver/plugins/stageuser.py | 3 ++- ipaserver/plugins/user.py | 3 ++- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 9964fba4f694b57242b3bd3065a418917d977533..ca7e81d666cd6c345bdbbf4660c3451ac1f2c045 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -57,7 +57,7 @@ from ipapython.dn import DN SHARE_DIR = paths.USR_SHARE_IPA_DIR PLUGINS_SHARE_DIR = paths.IPA_PLUGINS -GEN_PWD_LEN = 12 +GEN_PWD_LEN = 22 It would be good to add a temporary password constant too +GEN_TMP_PWD_LEN = 12 and then use it instead of pwd_len=12 below. # Having this in krb_utils would cause circular import KRB5_KDC_UNREACH = 2529639068 # Cannot contact any KDC for requested realm diff --git a/ipaserver/plugins/baseuser.py b/ipaserver/plugins/baseuser.py index e4288a5a131157815ffb2452692a7edb342f6ac3..5e0752c8d3d246fa7c283f05b82ef01de2e5bf34 100644 --- a/ipaserver/plugins/baseuser.py +++ b/ipaserver/plugins/baseuser.py @@ -552,7 +552,8 @@ class baseuser_mod(LDAPUpdate): def check_userpassword(self, entry_attrs, **options): if 'userpassword' not in entry_attrs and options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars) +entry_attrs['userpassword'] = ipa_generate_password( +baseuser_pwdchars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 413dcf15e0423170d8334902b9dcf8fb5aa14de6..1cefb6224e1a6dad0080369edee35c4524e5bd39 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -683,7 +683,8 @@ class host_add(LDAPCreate): if 'krbprincipal' in entry_attrs['objectclass']: entry_attrs['objectclass'].remove('krbprincipal') if options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars) +entry_attrs['userpassword'] = ipa_generate_password( +characters=host_pwd_chars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) certs = options.get('usercertificate', []) diff --git a/ipaserver/plugins/stageuser.py b/ipaserver/plugins/stageuser.py index 3b9388f6020b9a6c40caedd36f3640a05a13da65..6df189c3913171b4990ce115b296b19c7447592d 100644 --- a/ipaserver/plugins/stageuser.py +++ b/ipaserver/plugins/stageuser.py @@ -339,7 +339,8 @@ class stageuser_add(baseuser_add): # If requested, generate a userpassword if 'userpassword' not in entry_attrs and options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars) +entry_attrs['userpassword'] = ipa_generate_password( +baseuser_pwdchars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py index b3ae7646fdcfa1dce10d90063dae2a24c091e8ee..62ec529062c7ac39661df2a8c3d2277711268b11 100644 --- a/ipaserver/plugins/user.py +++ b/ipaserver/plugins/user.py @@ -517,7 +517,8 @@ class user_add(baseuser_add): entry_attrs['gidnumber'] = group_attrs['gidnumber'] if 'userpassword' not in entry_attrs and options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars) +entry_attrs['userpassword'] = ipa_generate_password( +baseuser_pwdchars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) -- 2.5.5 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code Thanks Updated patch attached Martin^2 From 81beb652bc81a8e73876f876507a7dabd338667b M
Re: [Freeipa-devel] [PATCH 0559] Increase default length of auto-generated passwords
On Fri, 29 Jul 2016, Martin Basti wrote: https://fedorahosted.org/freeipa/ticket/6116 Patch attached From ca5305e032137b7c9197d0c1050191079a72124e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Fri, 22 Jul 2016 16:41:29 +0200 Subject: [PATCH] Increase default length of auto generated passwords Installer/IPA generates passwords for warious purpose: * KRA * kerberos master key * NSSDB password * temporary passwords during installation Length of passwords should be increased to 22, ~128bits of entropy, to be safe nowadays. https://fedorahosted.org/freeipa/ticket/6116 ACK with a minor comment. --- ipapython/ipautil.py | 2 +- ipaserver/plugins/baseuser.py | 3 ++- ipaserver/plugins/host.py | 3 ++- ipaserver/plugins/stageuser.py | 3 ++- ipaserver/plugins/user.py | 3 ++- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 9964fba4f694b57242b3bd3065a418917d977533..ca7e81d666cd6c345bdbbf4660c3451ac1f2c045 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -57,7 +57,7 @@ from ipapython.dn import DN SHARE_DIR = paths.USR_SHARE_IPA_DIR PLUGINS_SHARE_DIR = paths.IPA_PLUGINS -GEN_PWD_LEN = 12 +GEN_PWD_LEN = 22 It would be good to add a temporary password constant too +GEN_TMP_PWD_LEN = 12 and then use it instead of pwd_len=12 below. # Having this in krb_utils would cause circular import KRB5_KDC_UNREACH = 2529639068 # Cannot contact any KDC for requested realm diff --git a/ipaserver/plugins/baseuser.py b/ipaserver/plugins/baseuser.py index e4288a5a131157815ffb2452692a7edb342f6ac3..5e0752c8d3d246fa7c283f05b82ef01de2e5bf34 100644 --- a/ipaserver/plugins/baseuser.py +++ b/ipaserver/plugins/baseuser.py @@ -552,7 +552,8 @@ class baseuser_mod(LDAPUpdate): def check_userpassword(self, entry_attrs, **options): if 'userpassword' not in entry_attrs and options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars) +entry_attrs['userpassword'] = ipa_generate_password( +baseuser_pwdchars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 413dcf15e0423170d8334902b9dcf8fb5aa14de6..1cefb6224e1a6dad0080369edee35c4524e5bd39 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -683,7 +683,8 @@ class host_add(LDAPCreate): if 'krbprincipal' in entry_attrs['objectclass']: entry_attrs['objectclass'].remove('krbprincipal') if options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars) +entry_attrs['userpassword'] = ipa_generate_password( +characters=host_pwd_chars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) certs = options.get('usercertificate', []) diff --git a/ipaserver/plugins/stageuser.py b/ipaserver/plugins/stageuser.py index 3b9388f6020b9a6c40caedd36f3640a05a13da65..6df189c3913171b4990ce115b296b19c7447592d 100644 --- a/ipaserver/plugins/stageuser.py +++ b/ipaserver/plugins/stageuser.py @@ -339,7 +339,8 @@ class stageuser_add(baseuser_add): # If requested, generate a userpassword if 'userpassword' not in entry_attrs and options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars) +entry_attrs['userpassword'] = ipa_generate_password( +baseuser_pwdchars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py index b3ae7646fdcfa1dce10d90063dae2a24c091e8ee..62ec529062c7ac39661df2a8c3d2277711268b11 100644 --- a/ipaserver/plugins/user.py +++ b/ipaserver/plugins/user.py @@ -517,7 +517,8 @@ class user_add(baseuser_add): entry_attrs['gidnumber'] = group_attrs['gidnumber'] if 'userpassword' not in entry_attrs and options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars) +entry_attrs['userpassword'] = ipa_generate_password( +baseuser_pwdchars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) -- 2.5.5 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code -- / Alexander Bokovoy -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel
[Freeipa-devel] [PATCH 0559] Increase default length of auto-generated passwords
https://fedorahosted.org/freeipa/ticket/6116 Patch attached From ca5305e032137b7c9197d0c1050191079a72124e Mon Sep 17 00:00:00 2001 From: Martin Basti Date: Fri, 22 Jul 2016 16:41:29 +0200 Subject: [PATCH] Increase default length of auto generated passwords Installer/IPA generates passwords for warious purpose: * KRA * kerberos master key * NSSDB password * temporary passwords during installation Length of passwords should be increased to 22, ~128bits of entropy, to be safe nowadays. https://fedorahosted.org/freeipa/ticket/6116 --- ipapython/ipautil.py | 2 +- ipaserver/plugins/baseuser.py | 3 ++- ipaserver/plugins/host.py | 3 ++- ipaserver/plugins/stageuser.py | 3 ++- ipaserver/plugins/user.py | 3 ++- 5 files changed, 9 insertions(+), 5 deletions(-) diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py index 9964fba4f694b57242b3bd3065a418917d977533..ca7e81d666cd6c345bdbbf4660c3451ac1f2c045 100644 --- a/ipapython/ipautil.py +++ b/ipapython/ipautil.py @@ -57,7 +57,7 @@ from ipapython.dn import DN SHARE_DIR = paths.USR_SHARE_IPA_DIR PLUGINS_SHARE_DIR = paths.IPA_PLUGINS -GEN_PWD_LEN = 12 +GEN_PWD_LEN = 22 # Having this in krb_utils would cause circular import KRB5_KDC_UNREACH = 2529639068 # Cannot contact any KDC for requested realm diff --git a/ipaserver/plugins/baseuser.py b/ipaserver/plugins/baseuser.py index e4288a5a131157815ffb2452692a7edb342f6ac3..5e0752c8d3d246fa7c283f05b82ef01de2e5bf34 100644 --- a/ipaserver/plugins/baseuser.py +++ b/ipaserver/plugins/baseuser.py @@ -552,7 +552,8 @@ class baseuser_mod(LDAPUpdate): def check_userpassword(self, entry_attrs, **options): if 'userpassword' not in entry_attrs and options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars) +entry_attrs['userpassword'] = ipa_generate_password( +baseuser_pwdchars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) diff --git a/ipaserver/plugins/host.py b/ipaserver/plugins/host.py index 413dcf15e0423170d8334902b9dcf8fb5aa14de6..1cefb6224e1a6dad0080369edee35c4524e5bd39 100644 --- a/ipaserver/plugins/host.py +++ b/ipaserver/plugins/host.py @@ -683,7 +683,8 @@ class host_add(LDAPCreate): if 'krbprincipal' in entry_attrs['objectclass']: entry_attrs['objectclass'].remove('krbprincipal') if options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(characters=host_pwd_chars) +entry_attrs['userpassword'] = ipa_generate_password( +characters=host_pwd_chars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) certs = options.get('usercertificate', []) diff --git a/ipaserver/plugins/stageuser.py b/ipaserver/plugins/stageuser.py index 3b9388f6020b9a6c40caedd36f3640a05a13da65..6df189c3913171b4990ce115b296b19c7447592d 100644 --- a/ipaserver/plugins/stageuser.py +++ b/ipaserver/plugins/stageuser.py @@ -339,7 +339,8 @@ class stageuser_add(baseuser_add): # If requested, generate a userpassword if 'userpassword' not in entry_attrs and options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars) +entry_attrs['userpassword'] = ipa_generate_password( +baseuser_pwdchars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) diff --git a/ipaserver/plugins/user.py b/ipaserver/plugins/user.py index b3ae7646fdcfa1dce10d90063dae2a24c091e8ee..62ec529062c7ac39661df2a8c3d2277711268b11 100644 --- a/ipaserver/plugins/user.py +++ b/ipaserver/plugins/user.py @@ -517,7 +517,8 @@ class user_add(baseuser_add): entry_attrs['gidnumber'] = group_attrs['gidnumber'] if 'userpassword' not in entry_attrs and options.get('random'): -entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars) +entry_attrs['userpassword'] = ipa_generate_password( +baseuser_pwdchars, pwd_len=12) # save the password so it can be displayed in post_callback setattr(context, 'randompassword', entry_attrs['userpassword']) -- 2.5.5 -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code