Bug 49239 - Password is not complex enough despite password policies are set to no-complexity
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Change password
Version: UCS 4.4
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS 4.4-0-errata
Assigned To: Florian Best
QA Contact: Dirk Wiesenthal
Depends on: 49346 49039
Blocks:
Reported: 2019-04-05 13:01 CEST by Florian Best
Modified: 2019-05-02 13:22 CEST

See Also:
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 2: Will only affect a few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.286
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2019031421000493
Bug group (optional): API change, Security
Max CVSS v3 score:

Description Florian Best univentionstaff 2019-04-05 13:01:42 CEST
Also for UCS 4.4.

+++ This bug was initially created as a clone of Bug #49039 +++

In the given UCS@school environment all pwd policies are configured to

  pwLength: 8
  pwQualityCheck: FALSE

  Password complexity: off
  Minimum password length: 8

but when changing the password (in this case via SelfService) the new password is rejected due to lack of complexity.

In the related Ticket there is a testing environment given to analyze further.

Comment 1 Florian Best univentionstaff 2019-04-09 12:41:58 CEST
Merged to UCS 4.4-0:

univention-management-console.yaml
8d705d1c4dd6 | YAML Bug #49239

univention-management-console (11.0.4-10)
4402132852b6 | Bug #49239: deactivate pam_cracklib

Comment 2 Florian Best univentionstaff 2019-04-17 11:02:03 CEST
Fixed/Reverted the ucs-test cases:
ucs-test (9.0.2-36)
86d43926665b | Bug #49039: fix/revert test cases

Comment 3 Dirk Wiesenthal univentionstaff 2019-04-25 10:00:13 CEST
OK, works.

OK, tests reverted. Strangely, the test 60_umc.07_expired_password.master071 still fails. But this does not seem to be related to this bug.

Comment 4 Arvid Requate univentionstaff 2019-05-02 13:22:22 CEST
<http://errata.software-univention.de/ucs/4.4/70.html>