Unify password generation across FreeIPA

Also had to recalculate entropy of the passwords as originally,
probability of generating each character was 1/256, however the
default probability of each character in the ipa_generate_password
is 1/95 (1/94 for first and last character).

https://fedorahosted.org/freeipa/ticket/5695

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Petr Spacek <pspacek@redhat.com>

1 files changed, 2 insertions, 3 deletions

diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
index b7ce857ed..e8c706e7a 100644
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@@ -19,7 +19,6 @@
 
 from __future__ import print_function
 
-import binascii
 import os
 import os.path
 import pwd
@@ -314,9 +313,9 @@ class HTTPInstance(service.Service):
             ipautil.backup_file(nss_path)
 
         # Create the password file for this db
-        hex_str = binascii.hexlify(os.urandom(10))
+        password = ipautil.ipa_generate_password(pwd_len=15)
         f = os.open(pwd_file, os.O_CREAT | os.O_RDWR)
-        os.write(f, hex_str)
+        os.write(f, password)
         os.close(f)
 
         ipautil.run([paths.CERTUTIL, "-d", database, "-f", pwd_file, "-N"])