[Freeipa-devel] [freeipa PR#317][synchronized] Unify password generation across FreeIPA

2017-01-06 Thread stlaz
   URL: https://github.com/freeipa/freeipa/pull/317
Author: stlaz
 Title: #317: Unify password generation across FreeIPA
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/317/head:pr317
git checkout pr317
From 5398133a228d57e10d94268b73faad24ababe777 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Tue, 6 Dec 2016 09:05:42 +0100
Subject: [PATCH 1/2] Unify password generation across FreeIPA

Also had to recalculate the entropy of the passwords: originally, the
probability of generating each character was 1/256, whereas the
default probability of each character in ipa_generate_password
is 1/95 (1/94 for the first and last character).

https://fedorahosted.org/freeipa/ticket/5695
---
 ipaserver/install/certs.py | 8 ++--
 ipaserver/install/dogtaginstance.py| 3 +--
 ipaserver/install/dsinstance.py| 5 +
 ipaserver/install/httpinstance.py  | 5 ++---
 ipaserver/install/server/replicainstall.py | 3 +--
 ipaserver/secrets/store.py | 2 +-
 6 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 02b03d4..414a716 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -25,7 +25,6 @@
 import xml.dom.minidom
 import pwd
 import base64
-from hashlib import sha1
 import fcntl
 import time
 import datetime
@@ -159,9 +158,6 @@ def set_perms(self, fname, write=False, uid=None):
 perms |= stat.S_IWUSR
 os.chmod(fname, perms)
 
-def gen_password(self):
-return sha1(ipautil.ipa_generate_password()).hexdigest()
-
 def run_certutil(self, args, stdin=None, **kwargs):
 return self.nssdb.run_certutil(args, stdin, **kwargs)
 
@@ -177,7 +173,7 @@ def create_noise_file(self):
 if ipautil.file_exists(self.noise_fname):
 os.remove(self.noise_fname)
 f = open(self.noise_fname, "w")
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 self.set_perms(self.noise_fname)
 
 def create_passwd_file(self, passwd=None):
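Review bot: In create_noise_file the random data is written through `f = open(self.noise_fname, "w")` and the handle is never closed in the lines shown, so `self.set_perms(self.noise_fname)` can run while the content is still buffered, and the file carries umask-derived permissions until that chmod. Creating it restricted from the start closes both gaps, for example `fd = os.open(self.noise_fname, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)` followed by `with os.fdopen(fd, "w") as f:`. The create_passwd_file hunk that follows has the same write-then-chmod order, although it does call `f.close()`. The start of create_noise_file is outside this hunk and set_perms is only partly visible, so the final mode it applies should be confirmed before picking the creation mode.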
@@ -186,7 +182,7 @@ def create_passwd_file(self, passwd=None):
 if passwd is not None:
 f.write("%s\n" % passwd)
 else:
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 f.close()
 self.set_perms(self.passwd_fname)
 
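Review bot: The literal `pwd_len=25` appears here and again in create_noise_file with no comment, and the reasoning for it exists only in the commit message. A module-level constant with a one-line comment would keep it reviewable, for example `NSS_PASSWORD_LEN = 25  # about 164 bits at roughly 6.5 bits per character` (the name is a suggestion). Separately, the supplied-password branch writes `"%s\n" % passwd` while the generated branch writes no trailing newline, so the two branches produce differently terminated files; ending both the same way would avoid surprises for whatever reads the file. The line that opens the file in create_passwd_file is outside this hunk.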
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index f4856c7..dc4b5b0 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -18,7 +18,6 @@
 #
 
 import base64
-import binascii
 import ldap
 import os
 import shutil
@@ -428,7 +427,7 @@ def __add_admin_to_group(self, group):
 
 def setup_admin(self):
 self.admin_user = "admin-%s" % self.fqdn
-self.admin_password = binascii.hexlify(os.urandom(16))
+self.admin_password = ipautil.ipa_generate_password(pwd_len=20)
 self.admin_dn = DN(('uid', self.admin_user),
('ou', 'people'), ('o', 'ipaca'))
 
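Review bot: `self.admin_password` was previously hex digits only, whereas, going by the 1/95 figure in the commit message, ipa_generate_password appears to draw from all printable ASCII, so the value may now contain quotes, backslashes, `$` or spaces. The places that consume admin_password are outside this hunk (setup_admin continues past its end), so any code that interpolates it into a config file, LDIF or command line should be checked for quoting and escaping. The value's type may also change, since `binascii.hexlify` yields bytes on Python 3 and the return type of ipa_generate_password is not visible here. A comment such as `# 20 chars is about 131 bits, replacing the 128 bits of os.urandom(16)` would record why 20 was chosen. The same character-set and type questions apply to the `pwd_len=15` value that the httpinstance.py create_cert_db hunk passes to `os.write`.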
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index a0fdc4a..89315b6 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -508,7 +508,7 @@ def __setup_sub_dict(self):
 idrange_size = None
 self.sub_dict = dict(FQDN=self.fqdn, SERVERID=self.serverid,
  PASSWORD=self.dm_password,
- RANDOM_PASSWORD=self.generate_random(),
+ RANDOM_PASSWORD=ipautil.ipa_generate_password(),
  SUFFIX=self.suffix,
  REALM=self.realm, USER=DS_USER,
  SERVER_ROOT=server_root, DOMAIN=self.domain,
@@ -775,9 +775,6 @@ def __host_nis_groups(self):
 def __add_enrollment_module(self):
 self._ldap_mod("enrollment-conf.ldif", self.sub_dict)
 
-def generate_random(self):
-return ipautil.ipa_generate_password()
-
 def __enable_ssl(self):
 dirname = config_dirname(self.serverid)
 dsdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base)
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index b7ce857..e8c706e 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,7 +19,6 @@
 
 from __future__ import print_function
 
-import binascii
 import os
 import os.path
 import pwd
@@ -314,9 +313,9 @@ def create_cert_db(self):
 ipautil.backup_file(nss_path)
 
 # Create the password file for this db
-hex_str = binascii.hexlify(os.urandom(10))
+password = ipautil.ipa_generate_password(pwd_len=15)
 f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-os.write(f, hex_str)
+os.write(f, passw

[Freeipa-devel] [freeipa PR#317][synchronized] Unify password generation across FreeIPA

2016-12-21 Thread stlaz
   URL: https://github.com/freeipa/freeipa/pull/317
Author: stlaz
 Title: #317: Unify password generation across FreeIPA
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/317/head:pr317
git checkout pr317
From bfde1323888d15bd8aa975e9513fea829cb19de9 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Tue, 6 Dec 2016 09:05:42 +0100
Subject: [PATCH 1/2] Unify password generation across FreeIPA

Also had to recalculate the entropy of the passwords: originally, the
probability of generating each character was 1/256, whereas the
default probability of each character in ipa_generate_password
is 1/95 (1/94 for the first and last character).

https://fedorahosted.org/freeipa/ticket/5695
---
 ipaserver/install/certs.py | 8 ++--
 ipaserver/install/dogtaginstance.py| 3 +--
 ipaserver/install/dsinstance.py| 5 +
 ipaserver/install/httpinstance.py  | 5 ++---
 ipaserver/install/server/replicainstall.py | 3 +--
 ipaserver/secrets/store.py | 2 +-
 6 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 45602ba..198c43d 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -25,7 +25,6 @@
 import xml.dom.minidom
 import pwd
 import base64
-from hashlib import sha1
 import fcntl
 import time
 import datetime
@@ -159,9 +158,6 @@ def set_perms(self, fname, write=False, uid=None):
 perms |= stat.S_IWUSR
 os.chmod(fname, perms)
 
-def gen_password(self):
-return sha1(ipautil.ipa_generate_password()).hexdigest()
-
 def run_certutil(self, args, stdin=None, **kwargs):
 return self.nssdb.run_certutil(args, stdin, **kwargs)
 
@@ -177,7 +173,7 @@ def create_noise_file(self):
 if ipautil.file_exists(self.noise_fname):
 os.remove(self.noise_fname)
 f = open(self.noise_fname, "w")
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 self.set_perms(self.noise_fname)
 
 def create_passwd_file(self, passwd=None):
@@ -186,7 +182,7 @@ def create_passwd_file(self, passwd=None):
 if passwd is not None:
 f.write("%s\n" % passwd)
 else:
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 f.close()
 self.set_perms(self.passwd_fname)
 
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index f4856c7..dc4b5b0 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -18,7 +18,6 @@
 #
 
 import base64
-import binascii
 import ldap
 import os
 import shutil
@@ -428,7 +427,7 @@ def __add_admin_to_group(self, group):
 
 def setup_admin(self):
 self.admin_user = "admin-%s" % self.fqdn
-self.admin_password = binascii.hexlify(os.urandom(16))
+self.admin_password = ipautil.ipa_generate_password(pwd_len=20)
 self.admin_dn = DN(('uid', self.admin_user),
('ou', 'people'), ('o', 'ipaca'))
 
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 1be5ac7..09708dc 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -506,7 +506,7 @@ def __setup_sub_dict(self):
 idrange_size = None
 self.sub_dict = dict(FQDN=self.fqdn, SERVERID=self.serverid,
  PASSWORD=self.dm_password,
- RANDOM_PASSWORD=self.generate_random(),
+ RANDOM_PASSWORD=ipautil.ipa_generate_password(),
  SUFFIX=self.suffix,
  REALM=self.realm, USER=DS_USER,
  SERVER_ROOT=server_root, DOMAIN=self.domain,
@@ -773,9 +773,6 @@ def __host_nis_groups(self):
 def __add_enrollment_module(self):
 self._ldap_mod("enrollment-conf.ldif", self.sub_dict)
 
-def generate_random(self):
-return ipautil.ipa_generate_password()
-
 def __enable_ssl(self):
 dirname = config_dirname(self.serverid)
 dsdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base)
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 15c3107..9fdb5a8 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,7 +19,6 @@
 
 from __future__ import print_function
 
-import binascii
 import os
 import os.path
 import pwd
@@ -314,9 +313,9 @@ def create_cert_db(self):
 ipautil.backup_file(nss_path)
 
 # Create the password file for this db
-hex_str = binascii.hexlify(os.urandom(10))
+password = ipautil.ipa_generate_password(pwd_len=15)
 f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-os.write(f, hex_str)
+os.write(f, passw

[Freeipa-devel] [freeipa PR#317][synchronized] Unify password generation across FreeIPA

2016-12-21 Thread stlaz
   URL: https://github.com/freeipa/freeipa/pull/317
Author: stlaz
 Title: #317: Unify password generation across FreeIPA
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/317/head:pr317
git checkout pr317
From bfde1323888d15bd8aa975e9513fea829cb19de9 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Tue, 6 Dec 2016 09:05:42 +0100
Subject: [PATCH 1/2] Unify password generation across FreeIPA

Also had to recalculate the entropy of the passwords: originally, the
probability of generating each character was 1/256, whereas the
default probability of each character in ipa_generate_password
is 1/95 (1/94 for the first and last character).

https://fedorahosted.org/freeipa/ticket/5695
---
 ipaserver/install/certs.py | 8 ++--
 ipaserver/install/dogtaginstance.py| 3 +--
 ipaserver/install/dsinstance.py| 5 +
 ipaserver/install/httpinstance.py  | 5 ++---
 ipaserver/install/server/replicainstall.py | 3 +--
 ipaserver/secrets/store.py | 2 +-
 6 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 45602ba..198c43d 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -25,7 +25,6 @@
 import xml.dom.minidom
 import pwd
 import base64
-from hashlib import sha1
 import fcntl
 import time
 import datetime
@@ -159,9 +158,6 @@ def set_perms(self, fname, write=False, uid=None):
 perms |= stat.S_IWUSR
 os.chmod(fname, perms)
 
-def gen_password(self):
-return sha1(ipautil.ipa_generate_password()).hexdigest()
-
 def run_certutil(self, args, stdin=None, **kwargs):
 return self.nssdb.run_certutil(args, stdin, **kwargs)
 
@@ -177,7 +173,7 @@ def create_noise_file(self):
 if ipautil.file_exists(self.noise_fname):
 os.remove(self.noise_fname)
 f = open(self.noise_fname, "w")
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 self.set_perms(self.noise_fname)
 
 def create_passwd_file(self, passwd=None):
@@ -186,7 +182,7 @@ def create_passwd_file(self, passwd=None):
 if passwd is not None:
 f.write("%s\n" % passwd)
 else:
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 f.close()
 self.set_perms(self.passwd_fname)
 
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index f4856c7..dc4b5b0 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -18,7 +18,6 @@
 #
 
 import base64
-import binascii
 import ldap
 import os
 import shutil
@@ -428,7 +427,7 @@ def __add_admin_to_group(self, group):
 
 def setup_admin(self):
 self.admin_user = "admin-%s" % self.fqdn
-self.admin_password = binascii.hexlify(os.urandom(16))
+self.admin_password = ipautil.ipa_generate_password(pwd_len=20)
 self.admin_dn = DN(('uid', self.admin_user),
('ou', 'people'), ('o', 'ipaca'))
 
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 1be5ac7..09708dc 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -506,7 +506,7 @@ def __setup_sub_dict(self):
 idrange_size = None
 self.sub_dict = dict(FQDN=self.fqdn, SERVERID=self.serverid,
  PASSWORD=self.dm_password,
- RANDOM_PASSWORD=self.generate_random(),
+ RANDOM_PASSWORD=ipautil.ipa_generate_password(),
  SUFFIX=self.suffix,
  REALM=self.realm, USER=DS_USER,
  SERVER_ROOT=server_root, DOMAIN=self.domain,
@@ -773,9 +773,6 @@ def __host_nis_groups(self):
 def __add_enrollment_module(self):
 self._ldap_mod("enrollment-conf.ldif", self.sub_dict)
 
-def generate_random(self):
-return ipautil.ipa_generate_password()
-
 def __enable_ssl(self):
 dirname = config_dirname(self.serverid)
 dsdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base)
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 15c3107..9fdb5a8 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,7 +19,6 @@
 
 from __future__ import print_function
 
-import binascii
 import os
 import os.path
 import pwd
@@ -314,9 +313,9 @@ def create_cert_db(self):
 ipautil.backup_file(nss_path)
 
 # Create the password file for this db
-hex_str = binascii.hexlify(os.urandom(10))
+password = ipautil.ipa_generate_password(pwd_len=15)
 f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-os.write(f, hex_str)
+os.write(f, passw

[Freeipa-devel] [freeipa PR#317][synchronized] Unify password generation across FreeIPA

2016-12-21 Thread stlaz
   URL: https://github.com/freeipa/freeipa/pull/317
Author: stlaz
 Title: #317: Unify password generation across FreeIPA
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/317/head:pr317
git checkout pr317
From bfde1323888d15bd8aa975e9513fea829cb19de9 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Tue, 6 Dec 2016 09:05:42 +0100
Subject: [PATCH 1/2] Unify password generation across FreeIPA

Also had to recalculate the entropy of the passwords: originally, the
probability of generating each character was 1/256, whereas the
default probability of each character in ipa_generate_password
is 1/95 (1/94 for the first and last character).

https://fedorahosted.org/freeipa/ticket/5695
---
 ipaserver/install/certs.py | 8 ++--
 ipaserver/install/dogtaginstance.py| 3 +--
 ipaserver/install/dsinstance.py| 5 +
 ipaserver/install/httpinstance.py  | 5 ++---
 ipaserver/install/server/replicainstall.py | 3 +--
 ipaserver/secrets/store.py | 2 +-
 6 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 45602ba..198c43d 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -25,7 +25,6 @@
 import xml.dom.minidom
 import pwd
 import base64
-from hashlib import sha1
 import fcntl
 import time
 import datetime
@@ -159,9 +158,6 @@ def set_perms(self, fname, write=False, uid=None):
 perms |= stat.S_IWUSR
 os.chmod(fname, perms)
 
-def gen_password(self):
-return sha1(ipautil.ipa_generate_password()).hexdigest()
-
 def run_certutil(self, args, stdin=None, **kwargs):
 return self.nssdb.run_certutil(args, stdin, **kwargs)
 
@@ -177,7 +173,7 @@ def create_noise_file(self):
 if ipautil.file_exists(self.noise_fname):
 os.remove(self.noise_fname)
 f = open(self.noise_fname, "w")
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 self.set_perms(self.noise_fname)
 
 def create_passwd_file(self, passwd=None):
@@ -186,7 +182,7 @@ def create_passwd_file(self, passwd=None):
 if passwd is not None:
 f.write("%s\n" % passwd)
 else:
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 f.close()
 self.set_perms(self.passwd_fname)
 
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index f4856c7..dc4b5b0 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -18,7 +18,6 @@
 #
 
 import base64
-import binascii
 import ldap
 import os
 import shutil
@@ -428,7 +427,7 @@ def __add_admin_to_group(self, group):
 
 def setup_admin(self):
 self.admin_user = "admin-%s" % self.fqdn
-self.admin_password = binascii.hexlify(os.urandom(16))
+self.admin_password = ipautil.ipa_generate_password(pwd_len=20)
 self.admin_dn = DN(('uid', self.admin_user),
('ou', 'people'), ('o', 'ipaca'))
 
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 1be5ac7..09708dc 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -506,7 +506,7 @@ def __setup_sub_dict(self):
 idrange_size = None
 self.sub_dict = dict(FQDN=self.fqdn, SERVERID=self.serverid,
  PASSWORD=self.dm_password,
- RANDOM_PASSWORD=self.generate_random(),
+ RANDOM_PASSWORD=ipautil.ipa_generate_password(),
  SUFFIX=self.suffix,
  REALM=self.realm, USER=DS_USER,
  SERVER_ROOT=server_root, DOMAIN=self.domain,
@@ -773,9 +773,6 @@ def __host_nis_groups(self):
 def __add_enrollment_module(self):
 self._ldap_mod("enrollment-conf.ldif", self.sub_dict)
 
-def generate_random(self):
-return ipautil.ipa_generate_password()
-
 def __enable_ssl(self):
 dirname = config_dirname(self.serverid)
 dsdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base)
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 15c3107..9fdb5a8 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,7 +19,6 @@
 
 from __future__ import print_function
 
-import binascii
 import os
 import os.path
 import pwd
@@ -314,9 +313,9 @@ def create_cert_db(self):
 ipautil.backup_file(nss_path)
 
 # Create the password file for this db
-hex_str = binascii.hexlify(os.urandom(10))
+password = ipautil.ipa_generate_password(pwd_len=15)
 f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-os.write(f, hex_str)
+os.write(f, passw

[Freeipa-devel] [freeipa PR#317][synchronized] Unify password generation across FreeIPA

2016-12-08 Thread stlaz
   URL: https://github.com/freeipa/freeipa/pull/317
Author: stlaz
 Title: #317: Unify password generation across FreeIPA
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/317/head:pr317
git checkout pr317
From bfde1323888d15bd8aa975e9513fea829cb19de9 Mon Sep 17 00:00:00 2001
From: Stanislav Laznicka 
Date: Tue, 6 Dec 2016 09:05:42 +0100
Subject: [PATCH] Unify password generation across FreeIPA

Also had to recalculate the entropy of the passwords: originally, the
probability of generating each character was 1/256, whereas the
default probability of each character in ipa_generate_password
is 1/95 (1/94 for the first and last character).

https://fedorahosted.org/freeipa/ticket/5695
---
 ipaserver/install/certs.py | 8 ++--
 ipaserver/install/dogtaginstance.py| 3 +--
 ipaserver/install/dsinstance.py| 5 +
 ipaserver/install/httpinstance.py  | 5 ++---
 ipaserver/install/server/replicainstall.py | 3 +--
 ipaserver/secrets/store.py | 2 +-
 6 files changed, 8 insertions(+), 18 deletions(-)

diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py
index 45602ba..198c43d 100644
--- a/ipaserver/install/certs.py
+++ b/ipaserver/install/certs.py
@@ -25,7 +25,6 @@
 import xml.dom.minidom
 import pwd
 import base64
-from hashlib import sha1
 import fcntl
 import time
 import datetime
@@ -159,9 +158,6 @@ def set_perms(self, fname, write=False, uid=None):
 perms |= stat.S_IWUSR
 os.chmod(fname, perms)
 
-def gen_password(self):
-return sha1(ipautil.ipa_generate_password()).hexdigest()
-
 def run_certutil(self, args, stdin=None, **kwargs):
 return self.nssdb.run_certutil(args, stdin, **kwargs)
 
@@ -177,7 +173,7 @@ def create_noise_file(self):
 if ipautil.file_exists(self.noise_fname):
 os.remove(self.noise_fname)
 f = open(self.noise_fname, "w")
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 self.set_perms(self.noise_fname)
 
 def create_passwd_file(self, passwd=None):
@@ -186,7 +182,7 @@ def create_passwd_file(self, passwd=None):
 if passwd is not None:
 f.write("%s\n" % passwd)
 else:
-f.write(self.gen_password())
+f.write(ipautil.ipa_generate_password(pwd_len=25))
 f.close()
 self.set_perms(self.passwd_fname)
 
diff --git a/ipaserver/install/dogtaginstance.py b/ipaserver/install/dogtaginstance.py
index f4856c7..dc4b5b0 100644
--- a/ipaserver/install/dogtaginstance.py
+++ b/ipaserver/install/dogtaginstance.py
@@ -18,7 +18,6 @@
 #
 
 import base64
-import binascii
 import ldap
 import os
 import shutil
@@ -428,7 +427,7 @@ def __add_admin_to_group(self, group):
 
 def setup_admin(self):
 self.admin_user = "admin-%s" % self.fqdn
-self.admin_password = binascii.hexlify(os.urandom(16))
+self.admin_password = ipautil.ipa_generate_password(pwd_len=20)
 self.admin_dn = DN(('uid', self.admin_user),
('ou', 'people'), ('o', 'ipaca'))
 
diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py
index 1be5ac7..09708dc 100644
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -506,7 +506,7 @@ def __setup_sub_dict(self):
 idrange_size = None
 self.sub_dict = dict(FQDN=self.fqdn, SERVERID=self.serverid,
  PASSWORD=self.dm_password,
- RANDOM_PASSWORD=self.generate_random(),
+ RANDOM_PASSWORD=ipautil.ipa_generate_password(),
  SUFFIX=self.suffix,
  REALM=self.realm, USER=DS_USER,
  SERVER_ROOT=server_root, DOMAIN=self.domain,
@@ -773,9 +773,6 @@ def __host_nis_groups(self):
 def __add_enrollment_module(self):
 self._ldap_mod("enrollment-conf.ldif", self.sub_dict)
 
-def generate_random(self):
-return ipautil.ipa_generate_password()
-
 def __enable_ssl(self):
 dirname = config_dirname(self.serverid)
 dsdb = certs.CertDB(self.realm, nssdir=dirname, subject_base=self.subject_base)
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index 15c3107..9fdb5a8 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,7 +19,6 @@
 
 from __future__ import print_function
 
-import binascii
 import os
 import os.path
 import pwd
@@ -314,9 +313,9 @@ def create_cert_db(self):
 ipautil.backup_file(nss_path)
 
 # Create the password file for this db
-hex_str = binascii.hexlify(os.urandom(10))
+password = ipautil.ipa_generate_password(pwd_len=15)
 f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-os.write(f, hex_str)
+os.write(f, password)