[Freeipa-users] Re: Question about "Character Classes"

[Rikimaru Honjo via FreeIPA-users]

Hi Alexander and Florence,

Thank you for your information! I could understand about "Character Classes".

I confirm the behavior of it after that.

Best regards,

On 2021/12/21 17:54, Florence Blanc-Renaud wrote:

Hi,

you can find more information in the Guide Configuring and managing
Identity Management
,
in the chapter Defining IdM password policies

:
Character classe: The number of different character classes the user must
use in the password

This setting governs the number of character classes but does not specify
which ones are required.
Hope this clarifies,
flo

On Tue, Dec 21, 2021 at 9:24 AM Rikimaru Honjo via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:


Hi,

I have a question about the "Character Classes" of passwords in FreeIPA.

I found a document about the "Character Classes". But, the following
information
is not described.

- Variation of configurable values (0,1,2,3,4,5?)
- Correspondence of number(e.g. 0,1...) and character classes(e.g.
Upper-case)

Do you know these?

Document:
https://www.freeipa.org/page/V2/Group_Password_Policy

- Minimum Number of Character Classes (krbPwdMinDiffChars): The minimum

number of different classes, or types, of character that must exist in a
password before it is considered valid. The default value is zero (0). The
following character classes are supported:

   - Upper-case characters
   - Lower-case characters
   - Digits
   - Special characters (for example, punctuation)


Best regards,
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure





___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Question about "Character Classes"

[Florence Blanc-Renaud via FreeIPA-users]

Hi,

you can find more information in the Guide Configuring and managing
Identity Management
,
in the chapter Defining IdM password policies

:
Character classe: The number of different character classes the user must
use in the password

This setting governs the number of character classes but does not specify
which ones are required.
Hope this clarifies,
flo

On Tue, Dec 21, 2021 at 9:24 AM Rikimaru Honjo via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hi,
>
> I have a question about the "Character Classes" of passwords in FreeIPA.
>
> I found a document about the "Character Classes". But, the following
> information
> is not described.
>
> - Variation of configurable values (0,1,2,3,4,5?)
> - Correspondence of number(e.g. 0,1...) and character classes(e.g.
> Upper-case)
>
> Do you know these?
>
> Document:
> https://www.freeipa.org/page/V2/Group_Password_Policy
> > - Minimum Number of Character Classes (krbPwdMinDiffChars): The minimum
> number of different classes, or types, of character that must exist in a
> password before it is considered valid. The default value is zero (0). The
> following character classes are supported:
> >   - Upper-case characters
> >   - Lower-case characters
> >   - Digits
> >   - Special characters (for example, punctuation)
>
> Best regards,
> ___
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

[Freeipa-users] Re: Question about "Character Classes"

[Alexander Bokovoy via FreeIPA-users]

On ti, 21 joulu 2021, Rikimaru Honjo via FreeIPA-users wrote:

Hi,

I have a question about the "Character Classes" of passwords in FreeIPA.

I found a document about the "Character Classes". But, the following information
is not described.

- Variation of configurable values (0,1,2,3,4,5?)
- Correspondence of number(e.g. 0,1...) and character classes(e.g. Upper-case)

Do you know these?


These are basically 1:1 mapped from MIT Kerberos password policy settings.
You can see classes here:
https://github.com/krb5/krb5/blob/master/src/lib/kadm5/srv/server_misc.c#L73-L102

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
___
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure