Cockpit: UI controls for user password does not honor password policy with Samba DC

NethServer Version : 7.6.1810 (updated yesterday)
Module : nethserver-cockpit 0.13.1-1.ns7, System > Users & Groups module

Trying to create a user with a low (and much insecure) password policy asks you to enter passwords which are more complex than expected.

Expected results : password policy should be honored and permit the creation of a user with password complexity congruent with the chosen password policy.

Steps to reproduce :
1 - Install NS
2 - Update and install nethserver-cockpit (should be 0.13.1-1.ns7)
3 - Install Samba DC account provider
4 - Goto Cockpit interface, System > Users & Groups
5 - Reduce password policy removing the need for strong passwords


5 - Create a new user and try a weak password (should anyways met pam.d defaults), only to see the Create button is grayed out

6 (optional) - Fulfill all the UI requirements for the password and create the user

2 Likes

Thanks for reporting.
I can reproduce even with local LDAP.

I can propose 2 solutions:

  • the “Create” button should be enabled as soon as passwords are equal, all other criteria should be ignored if complex password are disabled
  • leave the password form as is and remove the “Require strong password” option: password should always be strong!

What do you think?
/cc @dev_team

I am against this: we had to lower the password security in a lot of occasions, mostly due to explicit or implicit (given young age) resistance from “customers”. Not having this option would be quite PITA, but not the end of the world; still, I think NS will lose flexibility with this one.

1 Like

As am I. If for no other reason, enforcing artificial password complexity requirements in a development/testing environment would be a major pain.

I always use strong password even on my dev machine :smiley:

Hi, the fix is now in 7.7.1908/testing , the package is: nethserver-cockpit .

Now the password policy is honored in user creation.

1 Like