Issue #5948: [RFE] Implement pam_pwquality featureset in IPA password policies - freeipa - Pagure.io

freeipa

#5948 [RFE] Implement pam_pwquality featureset in IPA password policies

Closed: fixed 3 years ago by rcritten. Opened 7 years ago by pvoborni.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1340463

Description of problem:
At the moment "Password123!" is a valid password when a user chooses a new
password. This needs to be changed.

It would be great if we can have at least dictionary checks implemented on a
quite short term and on the long term the complete featureset of pam_pwquality


Version-Release number of selected component (if applicable):
4.3

Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: Future Releases

7 years ago

mreynolds commented 5 years ago

This work is almost complete in 389 Directory Server:

https://pagure.io/389-ds-base/issue/49794

Once this is done and fully tested it should be easy to port this to FreeIPA's password policy plugin

mreynolds commented 5 years ago

We are also going to pursue the socket activated script (external syntax checker) in DS 1.4.1 via:

https://pagure.io/389-ds-base/issue/49865

rcritten commented 3 years ago

master:

41021c2 Add LDAP schema for new libpwquality attributes
6b452e5 Extend IPA pwquality plugin to include libpwquality support
c03b486 Add new pwpolicy objectclass to test_xmprpc/objectclasses.py
3fc2eda Require libpwolicy and configure it in the build system
c4cca53 Extend password policy to evaluate passwords using libpwpolicy
46d0096 Add a unit test for libpwquality-based password policy
6da070e Pass the user to the password policy check in the kdb driver
be2efc1 Add a raiseonerr option to ldappasswd_user_change
fe44835 ipatests: add test for password policies
68aa7c0 Add SELinux policy so kadmind can read the crackdb dictionary
f602da4 Requirements and design for libpwquality integration
5155280 ipatests: Add test_pwpolicy to nightly runs

rcritten commented 3 years ago

ipa-4-8:

04c34dc Add LDAP schema for new libpwquality attributes
e8232dd Extend IPA pwquality plugin to include libpwquality support
4dcb8d9 Add new pwpolicy objectclass to test_xmprpc/objectclasses.py
734afe3 Require libpwolicy and configure it in the build system
43cdcad Extend password policy to evaluate passwords using libpwpolicy
cba86e8 Add a unit test for libpwquality-based password policy
d6a8fc2 Pass the user to the password policy check in the kdb driver
676979e Add a raiseonerr option to ldappasswd_user_change
9627ac4 ipatests: add test for password policies
60768b7 Add SELinux policy so kadmind can read the crackdb dictionary
48801cb ipatests: Add test_pwpolicy to nightly runs

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

rcritten commented 3 years ago

master:

26b9a69 Wrap libpwquality PKG_CHECK_MODULES in ENABLE_SERVER test

rcritten commented 3 years ago

ipa-4-8:

3e51d44 Wrap libpwquality PKG_CHECK_MODULES in ENABLE_SERVER test

Login to comment on this ticket.

Metadata

Assignee

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

Future Releases

cc

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

DS plugins

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1340463

tester

None

changelog

None

design

None

Powered by Pagure 5.13.3

Documentation • File an Issue • About • SSH Hostkey/Fingerprint

© Red Hat, Inc. and others.