cloudbase-init

reset cloudbase-init password failed

Bug #1767327 reported by gaolin
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
cloudbase-init
Confirmed
Undecided
Unassigned

Bug Description

We use cloudbase-init to inject windows password.Usually password injection is normal.
Last week,we found a failure case. We checked the cloudbase-init log and found the following log :

Set user password failed: The password dose not meet the password policy requirements, check the minimum password length ,password complexity and password history requirements

This password is set for cloudbase-init.We use the Windows Server 2012 and also check the password policy as follow,

Passwords may not contain the user's samAccountName (Account Name) value or entire displayName (Full Name value). Both checks are not case sensitive.

The displayName is parsed for delimiters: commas, periods, dashes or hyphens, underscores, spaces, pound signs, and tabs. If any of these delimiters are found, the displayName is split and all parsed sections (tokens) are confirmed to not be included in the password. Tokens that are less than three characters are ignored, and substrings of the tokens are not checked. For example, the name "Erin M. Hagens" is split into three tokens: "Erin", "M", and "Hagens". Because the second token is only one character long, it is ignored. Therefore, this user could not have a password that included either "erin" or "hagens" as a substring anywhere in the password.

url is https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994562%28v%3dws.11%29

    def generate_random_password(self, length):
        if length < 3:
            raise exception.CloudbaseInitException(
                "Password can not have less than 3 characters!")
        while True:
            pwd = super(WindowsUtils, self).generate_random_password(length)
            # Make sure that the Windows complexity requirements are met:
            # http://technet.microsoft.com/en-us/library/cc786468(v=ws.10).aspx
            valid = True
            for r in ["[a-z]", "[A-Z]", "[0-9]"]:
                if not re.search(r, pwd):
                    valid = False
            if valid:
                return pwd

password length is 20 by default and password complexity is met.

The most probable reason is that the random password for cloudbase-init contains 'init' string.

--------------------------------------------------------------
I suggest that when set user random password failed(either cloudbase-init or administrator),cloudbase-init need to retry to avoid this problem.Please consider this.

Thanks

gaolin (popular9527)
summary: - reset cloudbase-init paasword failed
+ reset cloudbase-init password failed
Adrian Vladu (avladu)
Changed in cloudbase-init:
status: New → Confirmed
gaolin (popular9527)
information type: Public → Public Security
information type: Public Security → Private Security
information type: Private Security → Public
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.