cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-8868) use PasswordGenerator.generateRandomPassword() to generate systemvm passwords
Date Thu, 03 Dec 2015 09:00:20 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-8868?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15037526#comment-15037526
] 

ASF subversion and git services commented on CLOUDSTACK-8868:
-------------------------------------------------------------

Commit 17d5bfa32c5285bc0c96eade29ba9589b3e828c2 in cloudstack's branch refs/heads/master from
[~remibergsma]
[ https://git-wip-us.apache.org/repos/asf?p=cloudstack.git;h=17d5bfa ]

Merge pull request #841 from karuturi/CLOUDSTACK-8868

CLOUDSTACK-8868: use PasswordGenerator.generateRandomPassword() to generate systemvm passwordsgenerateRandomPassword()
is supposed to create root user passwords. Right now it is only used on the guest VMs. The
format of the passwords it creates are of the form "random 3-character string with a lowercase
character, uppercase character, and a digit" + random n-character string with only lowercase
characters".

For whatever reason it was that we use generateRandomPassword() for guest VM root user passwords(maybe
more secure?) we should use the same function for system VM root user passwords.

Tests:
manually tested that password is generated in proper format and am able to login to cpvm with
the new password. ex: zD2ztm, tR8snbwhq

```
$ mvn -pl server test -Dtest=ConfigurationServerImplTest#testUpdateSystemvmPassword
-------------------------------------------------------
 T E S T S
-------------------------------------------------------
Running com.cloud.server.ConfigurationServerImplTest
log4j:WARN No appenders could be found for logger (com.cloud.utils.crypt.EncryptionSecretKeyChecker).
log4j:WARN Please initialize the log4j system properly.
log4j:WARN See http://logging.apache.org/log4j/1.2/faq.html#noconfig for more info.
Tests run: 1, Failures: 0, Errors: 0, Skipped: 0, Time elapsed: 0.487 sec - in com.cloud.server.ConfigurationServerImplTest

Results :

Tests run: 1, Failures: 0, Errors: 0, Skipped: 0

[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 7.781 s
[INFO] Finished at: 2015-09-16T14:17:07+05:30
[INFO] Final Memory: 60M/466M
[INFO] ------------------------------------------------------------------------
```

* pr/841:
  CLOUDSTACK-8868: change the default vm.password.length to 10
  CLOUDSTACK-8868: use same method to generate passwords for system/guest vms
  removed commented code

Signed-off-by: Remi Bergsma <github@remi.nl>


> use PasswordGenerator.generateRandomPassword() to generate systemvm passwords
> -----------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-8868
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-8868
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>    Affects Versions: 4.5.2, 4.6.0
>            Reporter: Rajani Karuturi
>            Assignee: Rajani Karuturi
>
> generateRandomPassword() is supposed to create root user passwords. Right now it is only
used on the guest VMs. The format of the passwords it creates are of the form "random 3-character
string with a lowercase character, uppercase character, and a digit" + random n-character
string with only lowercase characters".
> For whatever reason it was that we use generateRandomPassword() for guest VM root user
passwords(maybe more secure?) we should use the same function for system VM root user passwords.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message