[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#364526: debian-installer: Please implement a password-checking module

on 06/18/07 01:04, Geert Stappers wrote:
Op 17-06-2007 om 21:21 schreef Masami Ichikawa:
+	# password shouldn't contain login account.
+	ret=`echo $passwd | grep -ci $user`
+	if test $ret = 1; then
+ if test $passwd_len -ge $user_len; then + return 0
+		fi
+	fi

If I understand the above code snippet correct,
then it does allow user='root' and password='root'
and does depend on further checks.

Yes. That's right.

Please simply to source code into

 +	ret=`echo $passwd | grep -ci $user`
 +	if test $ret = 1; then
 +		return 0
 +	fi

It does better match + # password shouldn't contain login account.
and it will prevent user='R00tme' with pasword='R00tme'

when I tested like that user="foo" password="food123", I thought this case may be allowed.
because, this case grep returns 1.
so, I added "if test $passwd_len -ge $user_len; then" line.
I couldn't find another solution:-(

--- debian/user-setup-udeb.templates	(revision 47268)
+++ debian/user-setup-udeb.templates	(working copy)
@@ -110,6 +117,12 @@
  You entered an empty password, which is not allowed.
  Please choose a non-empty password.
+Template: user-setup/chkpasswdstrength-bad
+Type: error
+_Description: Weak password
+ choose another password that does contain numbers, upper and lower + case characters.


Start 'choose' with a capital.


Thanks for the patch
Some one who should find out,
if he could had apply the patch into versioning system.

 * Masami Ichikawa
 * mailto: hangar-18@mub.biglobe.ne.jp
 *       : masami256@gmail.com

Reply to: