Increase default length of auto generated passwords

Installer/IPA generates passwords for warious purpose: * KRA * kerberos master key * NSSDB password * temporary passwords during installation Length of passwords should be increased to 22, ~128bits of entropy, to be safe nowadays. https://fedorahosted.org/freeipa/ticket/6116 Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
author: Martin Basti <mbasti@redhat.com> 2016-07-22 16:41:29 +0200
committer: Martin Basti <mbasti@redhat.com> 2016-08-03 15:32:41 +0200
commit: 51ccde25f7ec0d5309c52b5349992652c7e17a01 (patch)
tree: 6271c90d605dbc78e5e22c2cdf7612905dfccf7b /ipapython/ipautil.py
parent: 4e574cde72da159dc2e5511f23c9f6b3c762e8f5 (diff)
download: freeipa-51ccde25f7ec0d5309c52b5349992652c7e17a01.tar.gz
freeipa-51ccde25f7ec0d5309c52b5349992652c7e17a01.tar.xz
freeipa-51ccde25f7ec0d5309c52b5349992652c7e17a01.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/ipapython/ipautil.py b/ipapython/ipautil.py
index 17d92b06f..953654355 100644
--- a/ipapython/ipautil.py
+++ b/ipapython/ipautil.py
@@ -57,7 +57,8 @@ from ipapython.dn import DN
 SHARE_DIR = paths.USR_SHARE_IPA_DIR
 PLUGINS_SHARE_DIR = paths.IPA_PLUGINS
 
-GEN_PWD_LEN = 12
+GEN_PWD_LEN = 22
+GEN_TMP_PWD_LEN = 12  # only for OTP password that is manually retyped by user
 
 # Having this in krb_utils would cause circular import
 KRB5_KDC_UNREACH = 2529639068 # Cannot contact any KDC for requested realm
author	Martin Basti <mbasti@redhat.com>	2016-07-22 16:41:29 +0200
committer	Martin Basti <mbasti@redhat.com>	2016-08-03 15:32:41 +0200
commit	51ccde25f7ec0d5309c52b5349992652c7e17a01 (patch)
tree	6271c90d605dbc78e5e22c2cdf7612905dfccf7b /ipapython/ipautil.py
parent	4e574cde72da159dc2e5511f23c9f6b3c762e8f5 (diff)
download	freeipa-51ccde25f7ec0d5309c52b5349992652c7e17a01.tar.gz freeipa-51ccde25f7ec0d5309c52b5349992652c7e17a01.tar.xz freeipa-51ccde25f7ec0d5309c52b5349992652c7e17a01.zip