T6353: Add password complexity validation for system login user #4390
Pull Request Overview
This PR introduces password complexity validation for system login users by adding an entropy‐based strength evaluation and integrating password checks into both operation and configuration modes.
- Added new utility functions in python/vyos/utils/auth.py to calculate entropy and evaluate password strength using cracklib.
- Integrated password strength feedback in the image installer and enforced complexity in the system login configuration.
- Updated smoketests to verify weak password handling.
Reviewed Changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| python/vyos/utils/auth.py | Added functions for entropy calculation and password strength evaluation with constants. |
| smoketest/scripts/cli/test_system_login.py | Updated tests to set passwords and validate weak password error messages. |
| src/op_mode/image_installer.py | Integrated the new password evaluation logic into the image installation process. |
| src/conf_mode/system_login.py | Enforced password complexity checks in system login configuration mode. |
d991fa0 to 7c1f41a
In my opinion, configuration password complexity should be a configurable option. This check will not let me commit. For example, 98% of instances that I configure are just labs or test VMs. I understand why I use them and why I use some weak passwords. It would be interesting to hear other people's opinions.
@sever-sever Implementing it using a Warning class was my initial intention, but what I have encountered is that (possibly due to
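An added illustration (not code from this PR or from VyOS) of the two ideas discussed above: an entropy-style strength estimate, and a switch between rejecting a weak password and only warning about it. The thresholds, function names and the `mode` parameter are assumptions, and the cracklib check mentioned in the overview is left out.

```python
import math
import string

# Assumed thresholds in bits; the PR's real constants are not shown on this page.
WEAK_BELOW = 40.0
STRONG_FROM = 60.0

# Character classes and the pool size each contributes when present.
_CLASSES = (
    (string.ascii_lowercase, 26),
    (string.ascii_uppercase, 26),
    (string.digits, 10),
    (string.punctuation, 32),
)
_OTHER_POOL = 32  # assumed allowance for spaces and non-ASCII characters


class WeakPasswordError(ValueError):
    """Raised in 'enforce' mode when a password rates as weak."""


def entropy_bits(password: str) -> float:
    """Upper-bound estimate: length * log2(size of the character pool in use)."""
    pool = sum(size for chars, size in _CLASSES
               if any(c in chars for c in password))
    known = "".join(chars for chars, _ in _CLASSES)
    if any(c not in known for c in password):
        pool += _OTHER_POOL
    return len(password) * math.log2(pool) if pool else 0.0


def rate(password: str) -> str:
    """Map the estimate onto weak / decent / strong using the assumed thresholds."""
    bits = entropy_bits(password)
    if bits < WEAK_BELOW:
        return "weak"
    return "strong" if bits >= STRONG_FROM else "decent"


def check_password(password: str, mode: str = "enforce"):
    """Return None if acceptable; in 'warn' mode return a message instead of raising."""
    if mode not in ("enforce", "warn"):
        raise ValueError(f"unknown mode: {mode!r}")
    if rate(password) != "weak":
        return None
    msg = f"password is weak (~{entropy_bits(password):.0f} bits estimated)"
    if mode == "enforce":
        raise WeakPasswordError(msg)
    return msg
```

A pool-size estimate is only an upper bound: it rates a long dictionary word the same as random letters of equal length, which is the gap a dictionary-based check covers.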
0d3f7b6 to e18788f
CI integration ❌ failed!
Change summary
- install image command in operation mode
- system login command in configuration mode
Types of changes
Related Task(s)
Related PR(s)
How to test / Smoketest result
install image
Smoketest output:
Checklist: