Bug#364526: debian-installer: Please implement a password-checking module
on 06/18/07 01:04, Geert Stappers wrote:
Op 17-06-2007 om 21:21 schreef Masami Ichikawa:
<snip/>
+ # password shouldn't contain login account.
+ ret=`echo $passwd | grep -ci $user`
+ if test $ret = 1; then
+ if test $passwd_len -ge $user_len; then
+ return 0
+ fi
+ fi
If I understand the above code snippet correct,
then it does allow user='root' and password='root'
and does depend on further checks.
Yes. That's right.
Please simply to source code into
+ ret=`echo $passwd | grep -ci $user`
+ if test $ret = 1; then
+ return 0
+ fi
It does better match
+ # password shouldn't contain login account.
and it will prevent user='R00tme' with pasword='R00tme'
when I tested like that user="foo" password="food123", I thought this case may be allowed.
because, this case grep returns 1.
so, I added "if test $passwd_len -ge $user_len; then" line.
I couldn't find another solution:-(
<snip/>
--- debian/user-setup-udeb.templates (revision 47268)
+++ debian/user-setup-udeb.templates (working copy)
@@ -110,6 +117,12 @@
You entered an empty password, which is not allowed.
Please choose a non-empty password.
+Template: user-setup/chkpasswdstrength-bad
+Type: error
+_Description: Weak password
+ choose another password that does contain numbers, upper and lower
+ case characters.
+
Nitpicking:
Start 'choose' with a capital.
Yes.
Thanks for the patch
Some one who should find out,
if he could had apply the patch into versioning system.
Cheers,
--
/*
* Masami Ichikawa
* mailto: hangar-18@mub.biglobe.ne.jp
* : masami256@gmail.com
*/
Reply to: