As an admin, I wish all passwords utilized in an IPA environment to be at least 128 or 256 bits. Importantly, this should include the AJP connector secret shared by Tomcat and httpd.
Currently, when Dogtag PKI 10.9 generates an AJP secret (during the initial pkispawn), we generate a ~75 bit password. Because this is static and not rotated, it probably makes sense to use a more secure AJP connector password. PKI has exposed the pki_ajp_secret configuration value that allows IPA to generate and specify their preferred password.
75 bit password.
256-bit password.
All branches prior to https://github.com/freeipa/freeipa/pull/4819
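The sizing behind the 256-bit request, as an added example (not part of the ticket and not FreeIPA's or Dogtag's code): it computes how long a uniformly random secret must be to reach a target entropy and generates one from the OS CSPRNG. The alphabet and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

# Assumed alphabet (not taken from the ticket): letters and digits only, which
# need no quoting or escaping when the secret is written into a config file.
ALPHABET = string.ascii_letters + string.digits


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of `length` symbols drawn uniformly and independently."""
    return length * math.log2(alphabet_size)


def min_length(target_bits: int, alphabet_size: int) -> int:
    """Smallest length whose entropy reaches `target_bits`."""
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two symbols")
    length = math.ceil(target_bits / math.log2(alphabet_size))
    # Guard against floating-point rounding in the division above.
    while entropy_bits(length, alphabet_size) < target_bits:
        length += 1
    return length


def generate_secret(target_bits: int = 256, alphabet: str = ALPHABET) -> str:
    """Generate a secret with at least `target_bits` of entropy."""
    if len(set(alphabet)) != len(alphabet):
        raise ValueError("duplicate symbols would lower the real entropy")
    length = min_length(target_bits, len(alphabet))
    # secrets.choice draws from the operating system's CSPRNG.
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    secret = generate_secret(256)
    # Shown in the key=value form of the pki_ajp_secret option named above.
    print(f"pki_ajp_secret={secret}")
    print(f"{len(secret)} chars, "
          f"{entropy_bits(len(secret), len(ALPHABET)):.1f} bits")
```

With this 62-symbol alphabet, 128 bits needs 22 characters and 256 bits needs 43.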
Metadata Update from @cheimes: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1849914
Issue linked to Bugzilla: Bug 1849914
master:
ipa-4-8:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)