Bug 55392 – Do not ignore the password policy by default, only when generating passwords

Bug 55392 - Do not ignore the password policy by default, only when generating passwords


Summary:	Do not ignore the password policy by default, only when generating passwords

Status:	CLOSED FIXED

Product:	UCS@school
Classification:	Unclassified
Component:	Ucsschool-lib
Version:	UCS@school 5.0
Hardware:	Other Linux

Importance:	P5 normal (vote)
Target Milestone:	UCS@school 5.0 v3-errata
Assigned To:	Tobias Wenzel
QA Contact:	Daniel Tröder

URL:	https://git.knut.univention.de/univen...
Keywords:

Depends on:
Blocks:	55393 55399 55400 55415
	Show dependency tree / graph

Reported:	2022-11-07 09:35 CET by Tobias Wenzel
Modified:	2023-05-26 10:56 CEST (History)
CC List:	2 users (show)

See Also:
What kind of report is it?:	Feature Request
What type of bug is this?:	---
Who will be affected by this bug?:	---
How will those affected feel about the bug?:	---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tobias Wenzel

2022-11-07 09:35:18 CET

As a developer using the UCS@school lib
I can expect UCS@school software to honor the set password policies,
so that the security of my domain is as expected.


-- Context/description ---

1. Adapt the UCS@school library to not ignore password policies anymore when creating users.
2. It may still ignore password policies when generating password for new users, as generating passwords that adhere to the current policy is out of scope.
3. Add an option to the school library `User` object to ignore password policies when creating or modifying users.

Comment 2 Tobias Wenzel

2022-11-09 15:51:40 CET

as discussed, merged and built with

[5.0] 26edce259 Bug #55392: add option check password policies when creating or modifying users

Package: ucs-school-lib
Version: 13.0.28A~5.0.0.202211091547
Branch: ucs_5.0-0
Scope: ucs-school-5.0

Package: ucs-test-ucsschool
Version: 7.3.78A~5.0.0.202211091550
Branch: ucs_5.0-0
Scope: ucs-school-5.0

Comment 3 Tobias Wenzel

2022-11-11 17:08:25 CET

The behavior of the UCS@school Import can be changed by setting a ~~UCR variable~~ configuration option as can the behavior of kelvin unlike the the UMC module where we will use a UCR-V.

By default (when the ~~UCRV~~ configuration option is unset) it should be the old behavior (ignore the password policy when creating a user, but checking it when changing a user).

Comment 4 Tobias Wenzel

2022-11-11 17:09:40 CET

(In reply to Tobias Wenzel from comment #3)
> The behavior of the UCS@school Import can be changed by setting a ~~UCR
> variable~~ configuration option as can the behavior of kelvin unlike the the
> UMC module where we will use a UCR-V.
> 
> By default (when the ~~UCRV~~ configuration option is unset) it should be
> the old behavior (ignore the password policy when creating a user, but
> checking it when changing a user).

This was meant for the import bug, sorry.

Comment 5 Daniel Tröder

2022-11-14 12:55:37 CET

Merged, built, tested and advisory OK.

Comment 6 Tobias Wenzel

2022-11-17 16:27:53 CET

Errata updates for UCS@school 5.0 v3 have been released.

https://docs.software-univention.de/ucsschool-changelog/5.0v3/de/changelog.html

If this error occurs again, please clone this bug.