Bug#364526: debian-installer: Please implement a password-checking module
Op 17-06-2007 om 21:21 schreef Masami Ichikawa:
<snip/>
> + # password shouldn't contain login account.
> + ret=`echo $passwd | grep -ci $user`
> + if test $ret = 1; then
> + if test $passwd_len -ge $user_len; then
> + return 0
> + fi
> + fi
If I understand the above code snippet correct,
then it does allow user='root' and password='root'
and does depend on further checks.
Please simply to source code into
+ ret=`echo $passwd | grep -ci $user`
+ if test $ret = 1; then
+ return 0
+ fi
It does better match
+ # password shouldn't contain login account.
and it will prevent user='R00tme' with pasword='R00tme'
<snip/>
> --- debian/user-setup-udeb.templates (revision 47268)
> +++ debian/user-setup-udeb.templates (working copy)
> @@ -110,6 +117,12 @@
> You entered an empty password, which is not allowed.
> Please choose a non-empty password.
>
> +Template: user-setup/chkpasswdstrength-bad
> +Type: error
> +_Description: Weak password
> + choose another password that does contain numbers, upper and lower
> + case characters.
> +
Nitpicking:
Start 'choose' with a capital.
Thanks for the patch
Some one who should find out,
if he could had apply the patch into versioning system.
Reply to: