diff options
author | Petr Spacek <pspacek@redhat.com> | 2016-12-21 15:07:34 +0100 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2017-01-06 09:26:56 +0100 |
commit | fb7c111ac13510609e2cba14ecf88cd2ed291a4b (patch) | |
tree | 3c963ca45514bbd66706a27175726a19a9f87713 /ipaserver/install/certs.py | |
parent | 8db5b277a079fdfe5efbd7d49311f14489cee0e8 (diff) | |
download | freeipa-fb7c111ac13510609e2cba14ecf88cd2ed291a4b.tar.gz freeipa-fb7c111ac13510609e2cba14ecf88cd2ed291a4b.tar.xz freeipa-fb7c111ac13510609e2cba14ecf88cd2ed291a4b.zip |
ipa_generate_password algorithm change
A change to the algorithm that generates random passwords
for multiple purposes throught IPA. This spells out the need
to assess password strength by the entropy it contains rather
than its length.
This new password generation should also be compatible with the
NSS implementation of password requirements in FIPS environment
so that newly created databases won't fail with wrong authentication.
https://fedorahosted.org/freeipa/ticket/5695
Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>
Diffstat (limited to 'ipaserver/install/certs.py')
-rw-r--r-- | ipaserver/install/certs.py | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/ipaserver/install/certs.py b/ipaserver/install/certs.py index 414a71664..85c2d06c0 100644 --- a/ipaserver/install/certs.py +++ b/ipaserver/install/certs.py @@ -173,7 +173,7 @@ class CertDB(object): if ipautil.file_exists(self.noise_fname): os.remove(self.noise_fname) f = open(self.noise_fname, "w") - f.write(ipautil.ipa_generate_password(pwd_len=25)) + f.write(ipautil.ipa_generate_password()) self.set_perms(self.noise_fname) def create_passwd_file(self, passwd=None): @@ -182,7 +182,7 @@ class CertDB(object): if passwd is not None: f.write("%s\n" % passwd) else: - f.write(ipautil.ipa_generate_password(pwd_len=25)) + f.write(ipautil.ipa_generate_password()) f.close() self.set_perms(self.passwd_fname) |