Bug 55392 - Do not ignore the password policy by default, only when generating passwords
Status: CLOSED FIXED
Product: UCS@school
Classification: Unclassified
Component: Ucsschool-lib
Version: UCS@school 5.0
Hardware: Other Linux
Importance: P5 normal
Target Milestone: UCS@school 5.0 v3-errata
Assigned To: Tobias Wenzel
QA Contact: Daniel Tröder
URL: https://git.knut.univention.de/univen...
Depends on:
Blocks: 55393 55399 55400 55415
Reported: 2022-11-07 09:35 CET by Tobias Wenzel
Modified: 2023-05-26 10:56 CEST (History)
What kind of report is it?: Feature Request
Description Tobias Wenzel univentionstaff 2022-11-07 09:35:18 CET
As a developer using the UCS@school lib
I can expect UCS@school software to honor the set password policies,
so that the security of my domain is as expected.


-- Context/description ---

1. Adapt the UCS@school library to not ignore password policies anymore when creating users.
2. It may still ignore password policies when generating passwords for new users, as generating passwords that adhere to the current policy is out of scope.
3. Add an option to the school library `User` object to ignore password policies when creating or modifying users.
Comment 2 Tobias Wenzel univentionstaff 2022-11-09 15:51:40 CET
as discussed, merged and built with

[5.0] 26edce259 Bug #55392: add option check password policies when creating or modifying users

Package: ucs-school-lib
Version: 13.0.28A~5.0.0.202211091547
Branch: ucs_5.0-0
Scope: ucs-school-5.0

Package: ucs-test-ucsschool
Version: 7.3.78A~5.0.0.202211091550
Branch: ucs_5.0-0
Scope: ucs-school-5.0
Comment 3 Tobias Wenzel univentionstaff 2022-11-11 17:08:25 CET
The behavior of the UCS@school Import can be changed by setting a ~~UCR variable~~ configuration option as can the behavior of kelvin unlike the UMC module where we will use a UCR-V.

By default (when the ~~UCRV~~ configuration option is unset) it should be the old behavior (ignore the password policy when creating a user, but checking it when changing a user).
Comment 4 Tobias Wenzel univentionstaff 2022-11-11 17:09:40 CET
(In reply to Tobias Wenzel from comment #3)
> The behavior of the UCS@school Import can be changed by setting a ~~UCR
> variable~~ configuration option as can the behavior of kelvin unlike the
> UMC module where we will use a UCR-V.
> 
> By default (when the ~~UCRV~~ configuration option is unset) it should be
> the old behavior (ignore the password policy when creating a user, but
> checking it when changing a user).

This was meant for the import bug, sorry.
Comment 5 Daniel Tröder univentionstaff 2022-11-14 12:55:37 CET
Merged, built, tested and advisory OK.
Comment 6 Tobias Wenzel univentionstaff 2022-11-17 16:27:53 CET
Errata updates for UCS@school 5.0 v3 have been released.

https://docs.software-univention.de/ucsschool-changelog/5.0v3/de/changelog.html

If this error occurs again, please clone this bug.