On 09/21/2015 03:02 PM, Matt Brookings wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/21/2015 08:55 AM, Drew Wells wrote:
I think that permitting a null password, if policy does not admit it, is a security hole.
I'd prefer you add another explicit call to be called for no password checking (at all).

Regards,

Tonino


This is going to be the patch I use here; does anyone want this patch?
Wouldn't it actually be easier to remove the password parameter from vadduser() and then vadduser.c can add a user (without a password) and then optionally set a password using vauth_setpw()? This is exactly what it should do at the moment for adding a user with a crypted password: the user is added, then the crypted password is set using vauth_setpw().

Because vadduser() previously supported an empty password ("\0"), the change to check for this and skip the password strength testing won't be changing its functionality. The password strength check was not meant to prevent blank passwords, so the fact that it broke the ability to set one would be a bug, and skipping the call to the password strength checker would be a bug fix. vadduser should not, however, be called with a NULL password.

That was exactly what my original patch of 15 Sept. did, and the patch is attached to my original message. I have not attached my NULL password changes patch. I'll revert the patch I use here to my original one.

While looking at all this I have noticed that vmoduser.c allows the setting of a "clear_text_password" (-C) but does not do any password_strength() testing; is this also a bug? Lastly, there does not seem to be a way of setting "no password" on an account once it has been created; is this correct?

Do you have any idea what needs to be done with regard to some of the backends being able to accept a NULL gecos?
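The add-user flow Matt describes above (create the record, then set the password through the same setter, running the strength check only for a non-empty password and never accepting NULL), as an added C example that is neither vpopmail's code nor written by any participant in this thread. The function names (model_adduser, model_setpw, model_strength_ok, model_has_password), the in-memory user table and the strength policy (at least 8 characters from at least three character classes) are assumptions made for this example; vpopmail's real vadduser()/vauth_setpw() signatures and its strength checker are not reproduced. The setter deliberately runs no strength test, mirroring the -C behaviour Drew points out, so the example also shows how a password that is rejected on add can still be set on an existing account afterwards.

```c
#include <stdio.h>
#include <string.h>
#include <ctype.h>

/* Result codes for the hypothetical add-user model (assumed names). */
enum add_result {
    ADD_OK = 0,
    ADD_ERR_NULL_PASSWORD = -1, /* caller bug: NULL is not the same as "no password" */
    ADD_ERR_WEAK_PASSWORD = -2, /* a non-empty password failed the strength test */
    ADD_ERR_EXISTS = -3,
    ADD_ERR_FULL = -4
};

#define MAX_USERS 8
#define NAME_LEN 32
#define PW_LEN 64

/* Toy in-memory account store; stands in for a vpopmail auth backend.
 * The password is kept as given; a real backend would store a hash. */
struct user_rec {
    char name[NAME_LEN];
    char pw[PW_LEN];
};

static struct user_rec users[MAX_USERS];
static int nusers;

/* Empty the store so the example is repeatable. */
void model_reset(void) {
    nusers = 0;
    memset(users, 0, sizeof users);
}

static struct user_rec *find_user(const char *name) {
    for (int i = 0; i < nusers; i++)
        if (strcmp(users[i].name, name) == 0) return &users[i];
    return NULL;
}

/* Assumed policy: 8+ characters drawn from at least three of
 * lower, upper, digit, other. Returns 1 if acceptable, 0 otherwise. */
int model_strength_ok(const char *pw) {
    int lower = 0, upper = 0, digit = 0, other = 0;
    if (strlen(pw) < 8) return 0;
    for (; *pw; pw++) {
        unsigned char c = (unsigned char)*pw;
        if (islower(c)) lower = 1;
        else if (isupper(c)) upper = 1;
        else if (isdigit(c)) digit = 1;
        else other = 1;
    }
    return lower + upper + digit + other >= 3;
}

/* Unconditional setter, in the role vauth_setpw() plays in the thread:
 * it never runs the strength test (the asymmetry of the -C path).
 * Returns 0 on success, -1 if the user is unknown or pw is NULL. */
int model_setpw(const char *name, const char *pw) {
    struct user_rec *u = find_user(name);
    if (u == NULL || pw == NULL) return -1;
    strncpy(u->pw, pw, PW_LEN - 1);
    u->pw[PW_LEN - 1] = '\0';
    return 0;
}

/* Add-user flow: NULL is rejected, "" is accepted without the strength
 * test (blank means "no password"), anything else must pass the test;
 * then the record is created and the password set via the setter. */
int model_adduser(const char *name, const char *pw) {
    if (pw == NULL) return ADD_ERR_NULL_PASSWORD;
    if (find_user(name) != NULL) return ADD_ERR_EXISTS;
    if (nusers >= MAX_USERS) return ADD_ERR_FULL;
    if (pw[0] != '\0' && !model_strength_ok(pw)) return ADD_ERR_WEAK_PASSWORD;
    struct user_rec *u = &users[nusers++];
    strncpy(u->name, name, NAME_LEN - 1);
    u->name[NAME_LEN - 1] = '\0';
    model_setpw(name, pw);
    return ADD_OK;
}

/* 1 if the account has a password, 0 if it is blank, -1 if unknown. */
int model_has_password(const char *name) {
    struct user_rec *u = find_user(name);
    if (u == NULL) return -1;
    return u->pw[0] != '\0';
}

int main(void) {
    model_reset();
    printf("NULL  -> %d\n", model_adduser("alice", NULL));
    printf("blank -> %d\n", model_adduser("alice", ""));
    printf("weak  -> %d\n", model_adduser("bob", "short"));
    printf("good  -> %d\n", model_adduser("bob", "Correct-Horse-9"));
    printf("setpw -> %d\n", model_setpw("bob", "short"));
    return 0;
}
```

Build with `cc -std=c99 -Wall` and run; the last line shows the point of the asymmetry: "short" is refused by model_adduser but accepted by model_setpw, which is the same shape as the -C path that skips password_strength().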

