Univention Bugzilla – Bug 34067
create_machine_password doesn't check UDM password policy
Last modified: 2020-07-03 20:56:45 CEST
In it's current implementation the schell-univention-lib function create_machine_password does not and cannot not check if a UDM password policy should be respected. It just checks if the UCR variable machine/password/length is set. The default value of 20 is high enough to avoid problems in the most usual cases. We could improve the function by passing the DN of the target object and make it call univention-policy-result on it to obtain the policy for that DN -- but this would be difficult to use. A better option might be to implement a switch like --get-random-password in udm-cli, which generates a new random password complying to the policy applicable to the target DN (or machine/password/length if that is higher). udm-cli should then return the generated password to the caller, so it can be stored in a location of his choice.
The obvious idea is to use this new option in combination with a udm create or modify call.
This issue has been filed against UCS 3. UCS 3 is out of the normal maintenance and many UCS components have vastly changed in UCS 4. If this issue is still valid, please change the version to a newer UCS version otherwise this issue will be automatically closed in the next weeks.
This issue has been filed against UCS 4.2. UCS 4.2 is out of maintenance and many UCS components have changed in later releases. Thus, this issue is now being closed. If this issue still occurs in newer UCS versions, please use "Clone this bug" or reopen it and update the UCS version. In this case please provide detailed information on how this issue is affecting you.