Unify password generation across FreeIPA

Also had to recalculate entropy of the passwords as originally, probability of generating each character was 1/256, however the default probability of each character in the ipa_generate_password is 1/95 (1/94 for first and last character). https://fedorahosted.org/freeipa/ticket/5695 Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Petr Spacek <pspacek@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-12-06 09:05:42 +01:00
parent be7865bf4f
commit 8db5b277a0
6 changed files with 8 additions and 18 deletions
--- a/ipaserver/secrets/store.py
+++ b/ipaserver/secrets/store.py
@@ -122,7 +122,7 @@ class NSSCertDB(DBMAPHandler):
            with open(nsspwfile, 'w+') as f:
                f.write(self.nssdb_password)
            pk12pwfile = os.path.join(tdir, 'pk12pwfile')
-            password = b64encode(os.urandom(16))
+            password = ipautil.ipa_generate_password(pwd_len=20)
            with open(pk12pwfile, 'w+') as f:
                f.write(password)
            pk12file = os.path.join(tdir, 'pk12file')