author | Martin Basti <mbasti@redhat.com> | 2016-07-22 16:41:29 +0200 |
---|---|---|
committer | Martin Basti <mbasti@redhat.com> | 2016-08-03 15:32:41 +0200 |
commit | 51ccde25f7ec0d5309c52b5349992652c7e17a01 (patch) | |
tree | 6271c90d605dbc78e5e22c2cdf7612905dfccf7b /ipaserver/plugins/stageuser.py | |
parent | 4e574cde72da159dc2e5511f23c9f6b3c762e8f5 (diff) | |
Increase default length of auto generated passwords
Installer/IPA generates passwords for various purposes:
* KRA
* kerberos master key
* NSSDB password
* temporary passwords during installation
Length of passwords should be increased to 22, ~128bits of entropy, to
be safe nowadays.
https://fedorahosted.org/freeipa/ticket/6116
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Diffstat (limited to 'ipaserver/plugins/stageuser.py')
-rw-r--r-- | ipaserver/plugins/stageuser.py | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/ipaserver/plugins/stageuser.py b/ipaserver/plugins/stageuser.py
index 3b9388f60..a219e3dac 100644
--- a/ipaserver/plugins/stageuser.py
+++ b/ipaserver/plugins/stageuser.py
@@ -47,7 +47,7 @@ from ipalib.util import set_krbcanonicalname
 from ipalib import _, ngettext
 from ipalib import output
 from ipaplatform.paths import paths
-from ipapython.ipautil import ipa_generate_password
+from ipapython.ipautil import ipa_generate_password, GEN_TMP_PWD_LEN
 from ipalib.capabilities import client_has_capability
 if six.PY3:
@@ -339,7 +339,8 @@ class stageuser_add(baseuser_add):
 # If requested, generate a userpassword
 if 'userpassword' not in entry_attrs and options.get('random'):
- entry_attrs['userpassword'] = ipa_generate_password(baseuser_pwdchars)
+ entry_attrs['userpassword'] = ipa_generate_password(
+ baseuser_pwdchars, pwd_len=GEN_TMP_PWD_LEN)
 # save the password so it can be displayed in post_callback
 setattr(context, 'randompassword', entry_attrs['userpassword']) |
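Review bot: The call added in `stageuser_add` passes `pwd_len=GEN_TMP_PWD_LEN`, but neither the value of that constant nor the size of `baseuser_pwdchars` is visible in this file, so a reader cannot tell whether the 22-character, ~128-bit target from the commit message applies to this password. The constant's name suggests a separate length for temporary passwords, which may be shorter than that target. I would add a comment above the call, for example `# random userpassword is a temporary password: length GEN_TMP_PWD_LEN, entropy = pwd_len * log2(len(baseuser_pwdchars))`, and confirm in `ipapython.ipautil` that the resulting entropy is acceptable for a credential that is also kept on `context` for display in post_callback. The method body starts and ends outside the hunk.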