[isar-cip-core,2/2] kas/opt/security.yml : Change password to fit pam_passwdqc policy

Message ID 20230705061611.20080-2-Sai.Sathujoda@toshiba-tsip.com (mailing list archive)
State Superseded
Series [isar-cip-core,1/2] cip-core-image-security.bb : Add pam-passwdqc package for bookworm

Commit Message

Sai.Sathujoda@toshiba-tsip.com July 5, 2023, 6:16 a.m. UTC
From: Sai <Sai.Sathujoda@toshiba-tsip.com>

Since we are using pam_passwdqc from bookworm, our current security image login password
does not meet the requirements based on the below given pam_passwdqc policy.

When calculating the number of character classes, upper-case letters used as the
first character and digits used as the last character of a password are not counted.
This makes our password have only 3 character classes. Hence we are adding multiple
capital characters to make the total number of character classes 4.

Signed-off-by: Sai <Sai.Sathujoda@toshiba-tsip.com>
---
 kas/opt/security.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
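
The class-counting rule described in the commit message, as an added example that is not part of the patch or of pam_passwdqc itself: a simplified Python model showing why the old password counts three classes and the new one four. The function names are illustrative, and treating every other character (symbols, non-ASCII) as a single "other" class is an assumption.

```python
import string


def effective_classes(password: str) -> set[str]:
    """Return the character classes that still count after the two
    discounts the commit message describes (simplified model)."""
    counts = {"lower": 0, "upper": 0, "digit": 0, "other": 0}
    for ch in password:
        if ch in string.ascii_lowercase:
            counts["lower"] += 1
        elif ch in string.ascii_uppercase:
            counts["upper"] += 1
        elif ch in string.digits:
            counts["digit"] += 1
        else:
            counts["other"] += 1  # assumption: symbols and non-ASCII together

    # An upper-case letter in first position is not counted.
    if password and password[0] in string.ascii_uppercase:
        counts["upper"] -= 1
    # A digit in last position is not counted.
    if password and password[-1] in string.digits:
        counts["digit"] -= 1

    return {name for name, n in counts.items() if n > 0}


def meets_class_requirement(password: str, required: int = 4) -> bool:
    """True when at least `required` classes remain after the discounts."""
    return len(effective_classes(password)) >= required


if __name__ == "__main__":
    # The two values from the patch, plus a constructed sample.
    for pw in ("Cipsecurity@123", "CIPsecurity@123", "Password1"):
        classes = sorted(effective_classes(pw))
        print(f"{pw!r}: {len(classes)} classes {classes}")
```

Only one character is discounted at each end, which is why the digits in the old password still count (two remain after the trailing one is dropped) while its single leading capital does not.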

Comments

Jan Kiszka July 5, 2023, 6:26 a.m. UTC | #1
On 05.07.23 08:16, Sai.Sathujoda@toshiba-tsip.com wrote:
> From: Sai <Sai.Sathujoda@toshiba-tsip.com>
> 
> Since we are using pam_passwdqc from bookworm, our current security image login password
> does not meet the requirements based on the below given pam_passwdqc policy.
> 
> When calculating the number of character classes, upper-case letters used as the
> first character and digits used as the last character of a password are not counted.
> This makes our password have only 3 character classes. Hence we are adding multiple
> capital characters to make the total number of character classes 4.
> 
> Signed-off-by: Sai <Sai.Sathujoda@toshiba-tsip.com>
> ---
>  kas/opt/security.yml | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/kas/opt/security.yml b/kas/opt/security.yml
> index 4d11905..1f3745b 100644
> --- a/kas/opt/security.yml
> +++ b/kas/opt/security.yml
> @@ -16,7 +16,7 @@ target: cip-core-image-security
>  local_conf_header:
>    root_password: |
>      USERS += "root"
> -    USER_root[password] = "Cipsecurity@123"
> +    USER_root[password] = "CIPsecurity@123"
>      USER_root[flags] = "clear-text-password"
>    adjust-swupdate: |
>      ABROOTFS_IMAGE_RECIPE = "cip-core-image-security"
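
Review bot: the new value on the `+` line meets the four-class requirement only through its extra capitals, and nothing next to `USER_root[password]` records that, so a later edit to the string could silently drop back to three classes. A one-line comment above the assignment naming the pam_passwdqc rule (leading upper-case letter and trailing digit are not counted) would guard against that. The commit message also points to "the below given pam_passwdqc policy" but no policy text follows it; quoting the configured policy line there would let reviewers check the class count themselves.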

I suppose this should be first so that the build does not break after
applying patch 1? Or was it already broken for the security image due to
the missing dependency in bookworm?

Jan

Sai.Sathujoda@toshiba-tsip.com July 5, 2023, 6:35 a.m. UTC | #2
Hi Jan,

Yes you are correct. I apologize for the wrong order of the patches. I will send v2 of the patches in the right order.

Regards,
Sai Ashrith


Patch

diff --git a/kas/opt/security.yml b/kas/opt/security.yml
index 4d11905..1f3745b 100644
--- a/kas/opt/security.yml
+++ b/kas/opt/security.yml
@@ -16,7 +16,7 @@  target: cip-core-image-security
 local_conf_header:
   root_password: |
     USERS += "root"
-    USER_root[password] = "Cipsecurity@123"
+    USER_root[password] = "CIPsecurity@123"
     USER_root[flags] = "clear-text-password"
   adjust-swupdate: |
     ABROOTFS_IMAGE_RECIPE = "cip-core-image-security"
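
Review bot: `USER_root[password]` combined with `USER_root[flags] = "clear-text-password"` keeps a fixed root password in plain text in the repository, so every image built with this option shares a publicly known root credential, and the change only swaps one such value for another. Consider stating in the file that this is a default for test images that must be replaced before deployment, or supplying the credential in hashed form or from outside the tracked configuration if the build allows it.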