Univention Bugzilla – Bug 46131
Passwords based on a dictionary word are not detected anymore in UCS 4.3
Last modified: 2019-02-26 10:10:25 CET
UCS 4.2 prevented to create a password "chocolate" because it is based on a dictionary word, if the password complexity check was enabled. This check does not work in UCS 4.3 anymore. The test case 60_umc/105_change_expired_password_fail_reason fails in Samba 4 and Samba 3 environments. Reproduce: cn=default-settings,cn=pwhistory,cn=users,cn=policies,%s → 'univentionPWQualityCheck'=True ucr set ['password/quality/credit/lower=1', 'password/quality/credit/upper=1', 'password/quality/credit/other=1', 'password/quality/credit/digits=1'
Probably pam_cracklib is the cause.
Even though the most recent jenkins test failed, I was not able to reproduce the problem manually.
I agree with Jannik: root@master10:~# ucr set \ password/quality/credit/lower=1 \ password/quality/credit/upper=1 \ password/quality/credit/other=1 \ password/quality/credit/digits=1 Create password/quality/credit/lower Create password/quality/credit/upper Create password/quality/credit/other Create password/quality/credit/digits root@master10:~# eval "$(ucr shell)" root@master10:~# udm policies/pwhistory modify \ --dn "cn=default-settings,cn=pwhistory,cn=users,cn=policies,$ldap_base" \ --set pwQualityCheck=TRUE root@master10:~# udm users/user create --set username=user1 \ --set lastname=name1 --set password=chocolate Password policy error: Es basiert auf einem Wörterbucheintrag root@master10:~# ucr search --brief version/.* repository/mirror/version/end: <empty> repository/mirror/version/start: <empty> version/erratalevel: 0 version/patchlevel: 0 version/releasename: Neustadt version/version: 4.3
The test case still fails: http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-0/job/AutotestJoin/69/SambaVersion=no-samba,Systemrolle=master/testReport/60_umc/105_change_expired_password_fail_reason/test/ Can you adjust the test case?
http://jenkins.knut.univention.de:8080/job/UCS-4.3/job/UCS-4.3-0/job/AutotestJoin/SambaVersion=no-samba,Systemrolle=master/lastCompletedBuild/testReport/60_umc/105_change_expired_password_fail_reason/
Ok, works
UCS 4.3 has been released: https://docs.software-univention.de/release-notes-4.3-0-en.html https://docs.software-univention.de/release-notes-4.3-0-de.html If this error occurs again, please use "Clone This Bug".
This was not solved correctly, therefore we have now Bug #48684.