Setting user pass with ldapsetpasswd which doesn't comply with rules is not showing proper error
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| StarlingX |
Fix Released
|
Low
|
Alan Portela Bandeira | ||
Bug Description
Brief Description
-----------------
Setting user pass with ldapsetpasswd which doesn't comply with rules is not showing proper error
Severity
-----------------
minor
Steps to Reproduce
-----------------
1)Create a ldap user: "sudo ldapusersetup"
sudo [sysadmin@
Password:
Enter username to add to LDAP: test
Successfully added user test to LDAP
Successfully set password for user test
Add test to sudoer list? (yes/NO): yes
Successfully added sudo access for user test to LDAP
Add test to secondary user group? (yes/NO): yes
Secondary group to add user to? [sys_protected]:
Successfully added user test to group cn=sys_
Enter days after which user password must be changed [90]:
Successfully modified user entry uid=test,
Updating password expiry to 90 days
Enter days before password is to expire that user is warned [2]:
Successfully modified user entry uid=test,
Updating password expiry to 2 days
[sysadmin@
2)Now set the password for this user using the command "sudo ldapsetpasswd test"
first try passwords that doesn't comply with the following password rules:
* The password must be at least 7 characters long
* You cannot reuse the last password in history
* Every password must differ from its previous on by at least 3 characters
* The password must contain:
- at least 1 lower-case character
- at least 1 upper-case character
- at least 1 numeric character
- at least 1 special character
for example:
try linux89
try LINUXsf
try 123456
{code:java}
controller-0:~$ sudo ldapsetpasswd test
Password:
Changing password for user uid=test,
New Password:
Retype New Password:
Error setting password for user uid=test,
controller-0:~$ sudo ldapsetpasswd test
Changing password for user uid=test1,
New Password:
Retype New Password:
Error setting password for user uid=test,
As you can see from the above error message is "Error setting password for user uid=test,
if you try the same by logging into the system using "test" username
{code:java}
amantri@
test1@128.
You are required to change your password immediately (root enforced)
Last login: Mon Jul 18 16:00:45 2022 from 128.224.67.94
/etc/motd.
/etc/motd.
=======
SYSTEM: yow-cgcs-
=======
WARNING: Your password has expired.
You must change your password now and login again!
Changing password for user test.
(current) LDAP Password:
New password:
BAD PASSWORD: The password contains less than 1 uppercase letters
New password:
BAD PASSWORD: The password contains less than 1 uppercase letters
New password:
BAD PASSWORD: The password contains less than 1 uppercase letters
passwd: Have exhausted maximum number of retries for service
As you can see above, the error message is clear "BAD PASSWORD: The password contains less than 1 uppercase letters"
Expected Behavior
-----------------
The error message has to be clear when setting the password for user using ""sudo ldapsetpasswd test"
Actual Behavior
-----------------
error message is not clear about the rules
Reproducibility
-----------------
100%
System Configuration
-----------------
SW_VERSION="22.06"
BUILD_TARGET="Host Installer"
BUILD_TYPE="Formal"
BUILD_ID=
SRC_BUILD_ID="1341"
BUILD_BY="jenkins"
BUILD_NUMBER="1341"
BUILD_DATE=
Last Pass
-----------------
Never
Use this section to also indicate if this is a new test scenario.
Timestamp/Logs
-----------------
Provide a snippet of logs if available and the timestamp when issue was seen.
Please indicate the unique identifier in the logs to highlight the problem
Attach the logs for debugging
Alarms
-----------------
Please indicate if there are any alarms observed.
If there are any alarms please list them here
Test Activity
-----------------
regression testing
Workaround
-----------------
Describe workaround if available
| Changed in starlingx: | |
| assignee: | nobody → Alan Portela Bandeira (aportelab) |
| Changed in starlingx: | |
| status: | New → In Progress |
| information type: | Private Security → Public Security |
| OpenStack Infra (hudson-openstack) wrote Fix merged to integ (master) | #1 |
| Changed in starlingx: | |
| status: | In Progress → Fix Released |
| Changed in starlingx: | |
| importance: | Undecided → Low |
| tags: | added: stx.9.0 |
Reviewed: https:/
Committed: https:/
Submitter: "Zuul (22348)"
Branch: master
commit 96d6f948a925974
Author: Alan Bandeira <email address hidden>
Date: Wed Mar 1 00:16:22 2023 -0300
Update error message for ldapsetpasswd
Using ldapsetpasswd when changing a password may
fail due to required password security standards.
The current error message is vague and provides
no information about the error causing password
change to fail. This fix provides a more clear
error message which informs the user about the
security requirements for a new password.
Test Plan:
PASS: In a simplex system, create a ldap user named
test and then run "sudo ldapsetpasswd test" and
provide a password that fails the security
provided password and the system should present
an error message comprising the system's security
PASS: Using the same user created in the previous test
plan, run the command "sudo ldapsetpasswd test
<pwd>", changing <pwd> for a bad password, and
the system should present an error message
for user passwords.
Closes-Bug: 2008838
Change-Id: Ibe942d87bee402
Signed-off-by: Alan Bandeira <email address hidden>