Univention Bugzilla – Full Text Bug Listing |
Summary: | cracklib prüft nur die Wortliste "american-english" | ||
---|---|---|---|
Product: | UCS | Reporter: | Felix Botner <botner> |
Component: | Password changes | Assignee: | Daniel Tröder <troeder> |
Status: | CLOSED FIXED | QA Contact: | Felix Botner <botner> |
Severity: | critical | ||
Priority: | P5 | CC: | damrose, gohmann, hahn, michelsmidt, petersen, walkenhorst |
Version: | UCS 4.1 | ||
Target Milestone: | UCS 4.1-0-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
What kind of report is it?: | --- | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: |
Description
Felix Botner
2011-11-23 15:27:18 CET
Reported via #2014100121000155 It was sufficient at my test system to install "wngerman" - this installs /usr/share/dict/ngerman which was automatically appended in /var/cache/cracklib/src-dicts. Request from customer: #2015110921000422 I really would recommend to ship at least an additional german dict. Otherwise e.g. eichhörnchen is a "quality" password. I also guess no admin knows about it. That could probably the reason why it would rarely be noted. * DVD task list modified: r65861 * add dependency on german wordlist to univention-pam: r65871 * YAML (r65874): 2015-11-24-univention-pam.yaml, no YAML for univention-dvd (right?) * univention-pam 9.0.0-2 built to errata4.1-0 * univention-dvd 1.0.0-17 built to errata4.1-0 * igerman98 (for binary package wngerman) and dictionaries-common built to errata4.1-0 --- I did rebuild the DVD, but the new univention-pam package was not used. * dtroeder@omar:~$ build-cd-ucs4.1-0 --keep-installer # ls -lh /var/univention/buildsystem2/isotests/*20151124-123658* --- After updating univention-pam cracklibs password index has grown from 91821 words to 424042 words: # grep german /var/cache/cracklib/src-dicts # file /var/cache/cracklib/cracklib_dict.pwi BTW: cracklib is currently not used when settings/changing passwords. But if it were, it'd now also check for germen words. PS: I did NOT run (info from http://bygga.knut.univention.de/blog/?p=3802): * repo-apt-dependencies ... * announce ... as my guess is, that it's part of the announce job after the QA. Is that right? r66061 | Bug #24840: univention-pam Rename to strip date. Fix spelling r66060 | Bug #24840: Force wngerman to maintained Add to ucs_4.1-0.txt trigger list to force package to maintained. RELEASE=4.1-0 SCOPE=errata${RELEASE} # '' ARCH=amd64 # i386 repo-apt-dependencies \ --release ${RELEASE} --arch ${ARCH} \ --dist /var/univention/buildsystem2/apt/ucs_${RELEASE}${SCOPE:+-$SCOPE} \ --contents /var/univention/buildsystem2/cd-contents/ucs_${RELEASE}_${ARCH}_dvd.txt \ --input ${HOME}/src/triggers/ucs_${RELEASE}.txt \ --binary /var/univention/buildsystem2/cd-contents/ucs_${RELEASE}_${ARCH}.bin \ --source /var/univention/buildsystem2/cd-contents/ucs_${RELEASE}_${ARCH}.src \ --closure /var/univention/buildsystem2/cd-contents/ucs_${RELEASE}_${ARCH}.maintained OK - maintained list more /var/univention/buildsystem2/cd-contents/ucs_4.1-0_i386.maintained | grep wnger wngerman OK - installation/update apt-cache policy wngerman wngerman: Installiert: 20120607-1.21.201511241411 Installationskandidat: 20120607-1.21.201511241411 Versionstabelle: *** 20120607-1.21.201511241411 0 500 http://updates-test.software-univention.de/4.1/maintained/component/ 4.1-0-errata-test/all/ Packages OK - password change (denied for passwords such as passwort or eichhörnchen) OK - univention-pam.yaml Advisory: igerman98.yaml (In reply to Janek Walkenhorst from comment #8) > Advisory: igerman98.yaml -> YAML ok, Verified |