After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 676396 - users: Optionally use libpwquality for password handling
users: Optionally use libpwquality for password handling
Status: RESOLVED FIXED
Product: gnome-control-center
Classification: Core
Component: User Accounts
unspecified
Other All
: Normal normal
: ---
Assigned To: Control-Center Maintainers
Control-Center Maintainers
: 676392 676393 676394 676395 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2012-05-19 21:47 UTC by Matthias Clasen
Modified: 2012-05-23 14:44 UTC
See Also:
GNOME target: ---
GNOME version: ---


Attachments
users: Optionally use libpwquality for password handling (5.90 KB, patch)
2012-05-19 21:47 UTC, Matthias Clasen
reviewed Details | Review
users: Pass more information to password checker (4.56 KB, patch)
2012-05-19 21:47 UTC, Matthias Clasen
reviewed Details | Review
separate out password handling (12.39 KB, patch)
2012-05-23 13:19 UTC, Matthias Clasen
accepted-commit_now Details | Review
use libpwquality (6.72 KB, patch)
2012-05-23 13:20 UTC, Matthias Clasen
reviewed Details | Review
pass more information to password checker (3.77 KB, patch)
2012-05-23 13:21 UTC, Matthias Clasen
accepted-commit_now Details | Review

Description Matthias Clasen 2012-05-19 21:47:14 UTC
Using a library for password generation and quality checking
has the obvious benefit that we can have centralized policy
for password quality.
Comment 1 Matthias Clasen 2012-05-19 21:47:16 UTC
Created attachment 214462 [details] [review]
users: Optionally use libpwquality for password handling
Comment 2 Matthias Clasen 2012-05-19 21:47:35 UTC
Created attachment 214463 [details] [review]
users: Pass more information to password checker

Passing the username and the old password allows the password
quality check find more bad passwords.
Also, add a way to provide more information about what is
bad about a password.
Comment 3 Matthias Clasen 2012-05-19 22:16:32 UTC
The patch here applies on top of bug 633601
Comment 4 Matthias Clasen 2012-05-20 01:26:44 UTC
*** Bug 676392 has been marked as a duplicate of this bug. ***
Comment 5 Matthias Clasen 2012-05-20 01:27:47 UTC
*** Bug 676393 has been marked as a duplicate of this bug. ***
Comment 6 Matthias Clasen 2012-05-20 01:28:06 UTC
*** Bug 676394 has been marked as a duplicate of this bug. ***
Comment 7 Matthias Clasen 2012-05-20 01:28:31 UTC
*** Bug 676395 has been marked as a duplicate of this bug. ***
Comment 8 Matthias Clasen 2012-05-21 10:22:08 UTC
I've sent a patch to tmraz btw - the next release of libpwquality will include a pc file
Comment 9 Bastien Nocera 2012-05-21 11:52:51 UTC
Review of attachment 214462 [details] [review]:

Looks good. Any reason why we can't make it a hard requirement though?
Comment 10 Bastien Nocera 2012-05-21 11:53:42 UTC
Review of attachment 214463 [details] [review]:

Looks good.
Comment 11 André Klapper 2012-05-21 11:58:04 UTC
Is there any tarball directory? https://fedorahosted.org/libpwquality/ seems to only provide a Mercurial repository.
Comment 12 Matthias Clasen 2012-05-21 12:33:58 UTC
(In reply to comment #9)
> Review of attachment 214462 [details] [review]:
> 
> Looks good. Any reason why we can't make it a hard requirement though?

We could, but libpwquality is a fairly new project, and looks like a fedora-only thing so far, and the security guys are not really good at selling their stuff, unfortunately.

Making it initially optional will reduce the transition pain a bit.
Comment 13 Matthias Clasen 2012-05-21 12:34:59 UTC
(In reply to comment #11)
> Is there any tarball directory? https://fedorahosted.org/libpwquality/ seems to
> only provide a Mercurial repository.

https://fedorahosted.org/releases/l/i/libpwquality/

seems to have tarballs
Comment 14 Bastien Nocera 2012-05-23 11:07:51 UTC
libpwquality is in jhbuild now, waiting on updated patch, and mail to d-d-l.
Comment 15 Matthias Clasen 2012-05-23 13:19:38 UTC
Created attachment 214758 [details] [review]
separate out password handling
Comment 16 Matthias Clasen 2012-05-23 13:20:06 UTC
Created attachment 214759 [details] [review]
use libpwquality
Comment 17 Matthias Clasen 2012-05-23 13:21:03 UTC
Created attachment 214760 [details] [review]
pass more information to password checker
Comment 18 Bastien Nocera 2012-05-23 13:40:57 UTC
Review of attachment 214758 [details] [review]:

.
Comment 19 Bastien Nocera 2012-05-23 13:42:06 UTC
Review of attachment 214759 [details] [review]:

configure.ac only has some whitespace changes.
Comment 20 Bastien Nocera 2012-05-23 13:42:32 UTC
Review of attachment 214760 [details] [review]:

.
Comment 21 Bastien Nocera 2012-05-23 13:43:13 UTC
Also mention that apg isn't required anymore, for the libpwquality patch.
Comment 22 Matthias Clasen 2012-05-23 14:44:46 UTC
Thanks, pushed with those changes