[ https://issues.apache.org/jira/browse/CLOUDSTACK-8868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15037525#comment-15037525 ]
ASF subversion and git services commented on CLOUDSTACK-8868: ------------------------------------------------------------- Commit 17d5bfa32c5285bc0c96eade29ba9589b3e828c2 in cloudstack's branch refs/heads/master from [~remibergsma] [ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=17d5bfa ] Merge pull request #841 from karuturi/CLOUDSTACK-8868 CLOUDSTACK-8868: use PasswordGenerator.generateRandomPassword() to generate systemvm passwordsgenerateRandomPassword() is supposed to create root user passwords. Right now it is only used on the guest VMs. The format of the passwords it creates are of the form "random 3-character string with a lowercase character, uppercase character, and a digit" + random n-character string with only lowercase characters". For whatever reason it was that we use generateRandomPassword() for guest VM root user passwords(maybe more secure?) we should use the same function for system VM root user passwords. Tests: manually tested that password is generated in proper format and am able to login to cpvm with the new password. ex: zD2ztm, tR8snbwhq ``` $ mvn -pl server test -Dtest=ConfigurationServerImplTest#testUpdateSystemvmPassword ------------------------------------------------------- T E S T S ------------------------------------------------------- Running com.cloud.server.ConfigurationServerImplTest log4j:WARN No appenders could be found for logger (com.cloud.utils.crypt.EncryptionSecretKeyChecker). log4j:WARN Please initialize the log4j system properly. log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info. Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.487 sec - in com.cloud.server.ConfigurationServerImplTest Results : Tests run: 1, Failures: 0, Errors: 0, Skipped: 0 [INFO] ------------------------------------------------------------------------ [INFO] BUILD SUCCESS [INFO] ------------------------------------------------------------------------ [INFO] Total time: 7.781 s [INFO] Finished at: 2015-09-16T14:17:07+05:30 [INFO] Final Memory: 60M/466M [INFO] ------------------------------------------------------------------------ ``` * pr/841: CLOUDSTACK-8868: change the default vm.password.length to 10 CLOUDSTACK-8868: use same method to generate passwords for system/guest vms removed commented code Signed-off-by: Remi Bergsma <git...@remi.nl> > use PasswordGenerator.generateRandomPassword() to generate systemvm passwords > ----------------------------------------------------------------------------- > > Key: CLOUDSTACK-8868 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8868 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Affects Versions: 4.5.2, 4.6.0 > Reporter: Rajani Karuturi > Assignee: Rajani Karuturi > > generateRandomPassword() is supposed to create root user passwords. Right now > it is only used on the guest VMs. The format of the passwords it creates are > of the form "random 3-character string with a lowercase character, uppercase > character, and a digit" + random n-character string with only lowercase > characters". > For whatever reason it was that we use generateRandomPassword() for guest VM > root user passwords(maybe more secure?) we should use the same function for > system VM root user passwords. -- This message was sent by Atlassian JIRA (v6.3.4#6332)