diff options
| author | Paul Fertser <fercerpav@gmail.com> | 2022-01-21 22:44:40 +0300 |
|---|---|---|
| committer | Ed Tanous <ed@tanous.net> | 2022-02-09 09:44:06 +0300 |
| commit | ef73ad0d99623c67679008728daa578098c54a40 (patch) | |
| tree | 6080c7169572bf315b9f8f57ead6266cf11d8dae /build_x86.sh | |
| parent | 6ba8c82ef6e67486b251cdc8c75e5a65a419a0ab (diff) | |
| download | bmcweb-ef73ad0d99623c67679008728daa578098c54a40.tar.xz | |
Allow setting MinPasswordLength in AccountService
The MinPasswordLength property is writable according to the Redfish
schema and phosphor-user-manager allows setting it, so implement the
corresponding call.
Tested:
$ curl -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' -X PATCH -d '{"MinPasswordLength": 12}'
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "Successfully Completed Request",
"MessageArgs": [],
"MessageId": "Base.1.8.1.Success",
"MessageSeverity": "OK",
"Resolution": "None"
}
]
}
$ curl -s -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' | jq .MinPasswordLength
12
root@qemuarm:~# grep cracklib /etc/pam.d/common-password
password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=12 difok=0 lcredit=0 ocredit=0 dcredit=0 ucredit=0
$ curl -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' -X PATCH -d '{"MinPasswordLength": 8}'
{
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "Successfully Completed Request",
"MessageArgs": [],
"MessageId": "Base.1.8.1.Success",
"MessageSeverity": "OK",
"Resolution": "None"
}
]
}
$ curl -s -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' | jq .MinPasswordLength
8
root@qemuarm:~# grep cracklib /etc/pam.d/common-password
password [success=ok default=die] pam_cracklib.so debug enforce_for_root reject_username minlen=8 difok=0 lcredit=0 ocredit=0 dcredit=0 ucredit=0
With https://gerrit.openbmc-project.xyz/c/openbmc/phosphor-user-manager/+/50589
applied this doesn't silently ignore the value that is less than the lower
limit and produces an error, the old value is preserved:
$ curl -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' -X PATCH -d '{"MinPasswordLength": 7}'
{
"error": {
"@Message.ExtendedInfo": [
{
"@odata.type": "#Message.v1_1_1.Message",
"Message": "The request failed due to an internal service error. The service is still operational.",
"MessageArgs": [],
"MessageId": "Base.1.8.1.InternalError",
"MessageSeverity": "Critical",
"Resolution": "Resubmit the request. If the problem persists, consider resetting the service."
}
],
"code": "Base.1.8.1.InternalError",
"message": "The request failed due to an internal service error. The service is still operational."
}
$ curl -s -k 'https://root:0penBmc@[fe80::5054:ff:fe12:3402%tap0]/redfish/v1/AccountService' | jq .MinPasswordLength
8
Signed-off-by: Paul Fertser <fercerpav@gmail.com>
Change-Id: I17e5aa6ca7825fcffbec3939d572bc7ccc01405b
Diffstat (limited to 'build_x86.sh')
0 files changed, 0 insertions, 0 deletions