Do note that the password generated here is considered temporary, as
previously pointed out by Chiradeep in another thread.
Thanks
Amogh
On 10/24/14 5:31 PM, "Nux!" <n...@li.nux.ro> wrote:
>Imho, considering the password is not very secure (it's missing symbols),
>we should increase the length.
>For my personal stuff I default to 15 chars.
>
>--
>Sent from the Delta quadrant using Borg technology!
>
>Nux!
>www.nux.ro
>
>----- Original Message -----
>> From: "Amogh Vasekar" <amogh.vase...@citrix.com>
>> To: dev@cloudstack.apache.org
>> Cc: "laszlo hornyak" <laszlo.horn...@gmail.com>
>> Sent: Saturday, 25 October, 2014 00:37:07
>> Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>
>> Hi Laszlo,
>>
>> Any comments on the below? I agree adding 3 characters is a bug and
>> willing to fix it.
>>
>> In addition, Ian, I believe we should set a minimum allowed value for
>>the
>> config value vm.password.length. Any objections to setting the minimum
>>to
>> 8, the previous default?
>>
>> Thanks
>> Amogh
>>
>> On 10/13/14 5:34 PM, "Ian Duffy" <i...@ianduffy.ie> wrote:
>>
>>>The only other usage of it is within
>>>server/src/com/cloud/server/ConfigurationServerImpl.java
>>>Its used for creating a Secondary storage vm copy password.
>>>
>>>I'm seeing absolutely no reason why we have 3 values going in no matter
>>>what, I'm willing to say its a bug. I'm curious to why the tests are
>>>written to deal with it though....
>>>
>>>On 14 October 2014 00:26, Nux! <n...@li.nux.ro> wrote:
>>>
>>>> Well, it's a bit messy, but still better than the old password length.
>>>> Ideally this should get clarified/fixed, but for now I am happy with
>>>>my
>>>> long+3 password! :)
>>>>
>>>>
>>>> Cheers,
>>>> Lucian
>>>>
>>>> --
>>>> Sent from the Delta quadrant using Borg technology!
>>>>
>>>> Nux!
>>>> www.nux.ro
>>>>
>>>> ----- Original Message -----
>>>> > From: "Ian Duffy" <i...@ianduffy.ie>
>>>> > To: "CloudStack Dev" <dev@cloudstack.apache.org>
>>>> > Cc: "laszlo hornyak" <laszlo.horn...@gmail.com>
>>>> > Sent: Monday, 13 October, 2014 19:54:53
>>>> > Subject: Re: vm.password.length issue in 4.4.1-SNAPSHOT
>>>>
>>>> > Hey Nux,
>>>> >
>>>> > So I passed this work off to a util class that was already present
>>>>in
>>>>the
>>>> > code base "PasswordGenerator"
>>>> >
>>>> > @Override
>>>> > public String generateRandomPassword() {
>>>> > Integer passwordLength =
>>>> > Integer.parseInt(_configDao.getValue("vm.password.length"));
>>>> > return
>>>>PasswordGenerator.generateRandomPassword(passwordLength);
>>>> > }
>>>> >
>>>> > Not a clue why but the generateRandomPassword method creates a
>>>>random
>>>> > 3-character string first then loops through to generate n random
>>>> characters.
>>>> >
>>>> > public static String generateRandomPassword(int num) {
>>>> > Random r = new SecureRandom();
>>>> > StringBuilder password = new StringBuilder();
>>>> >
>>>> > // Generate random 3-character string with a lowercase
>>>>character,
>>>> > // uppercase character, and a digit
>>>> >
>>>> >
>>>>
>>>>password.append(generateLowercaseChar(r)).append(generateUppercaseChar(
>>>>r)
>>>>).append(generateDigit(r));
>>>> >
>>>> > // Generate a random n-character string with only lowercase
>>>> > // characters
>>>> > for (int i = 0; i < num; i++) {
>>>> > password.append(generateLowercaseChar(r));
>>>> > }
>>>> >
>>>> > return password.toString();
>>>> > }
>>>> >
>>>> > The unit tests seem to accommodate for this aswell:
>>>> >
>>>> > // actual length is requested length + 3
>>>> >
>>>> >
>>>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(0).length()
>>>>==
>>>> > 3);
>>>> >
>>>> >
>>>>Assert.assertTrue(PasswordGenerator.generateRandomPassword(1).length()
>>>>==
>>>> > 4);
>>>> >
>>>> > I'm guessing there's some reasoning for this.... CCing Laszlo who
>>>> according
>>>> > to git log did some work on this class.
>>>> >
>>>> > Thanks,
>>>> >
>>>> > Ian
>>>> >
>>>> > On 13 October 2014 19:39, Nux! <n...@li.nux.ro> wrote:
>>>> >
>>>> >> Hello,
>>>> >>
>>>> >> First of all "THANKS!" to whoever made this feature happen (Ian I
>>>> guess).
>>>> >> Now we can set more secure passwords generated for our instances.
>>>> >>
>>>> >> Second, the feature works, but with a small glitch, the number
>>>>seems
>>>>to
>>>> be
>>>> >> affected by some sort of offset. I.e. if I set the password to be
>>>>15
>>>> chars
>>>> >> in length then the generated password will actually be 18 chars.
>>>> >> In order to get a 15 chars long passwd I had to set
>>>>vm.password.length
>>>> to
>>>> >> 12. Bug or feature? :)
>>>> >>
>>>> >>
>>>> >> Lucian
>>>> >>
>>>> >> --
>>>> >> Sent from the Delta quadrant using Borg technology!
>>>> >>
>>>> >> Nux!
>>>> >> www.nux.ro
