Installer password field char limit set too short
CPU: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
RAM: 8GB (4x2GB) PC2-6400, DDR2 @ 800Mhz SDRAM (non ECC, don't shoot me) reported by freenas as: 8088MB
Motherboard is some (I'd rather not open my box to find the model number) SATA 2 genuine Intel (developer?) board circa 2006, that I came from a lab in MIT, so all 100% Intel components.
Storage: 6x3TB 5200RPM WD Blue drives tweaked used wdidle3 in RAIDZ2
Hopefully my monstrous, and grossly inadequate hardware doesn't invalidate my statements.
The issue is with the FreeNAS 9.10.2-U2 (probably older versions too) installer. When prompted for a password during a reinstall, I tried to put in my root password (the one I was using previously) and at a certain point (I believe only 20 characters in) it started beeping at me (very rude) and not accepting any more input. I know this is an arbitrary limit in the installer field because one, I was using the same version with this password, and two because after I installed with no password the webUI forced me to put in a password and I just put in the same password. I also changed to that password from the CLI originally. I'm not sure what BSD's password limit is on the 64bit version, but I am 100% sure it's not 20 chars. This field should be changed to be identical to the max BSD password length limitation. The work around is obviously to just cancel on the password prompt, and change the password later, which is simple enough, but that doesn't make this less broken, as I'm sure you know.
#4 Updated by Michael Rabinovsky over 4 years ago
Sean Fagan wrote:
I'm on the fence about this one: the password can be changed later, and due to how it's implemented in the installer, there's a lot of limitations on what characters the password can contain.
I'm not going to pretend to know how the installer is implemented but I think these two points should be made in this case:
1) If the ability to change the password later is a reason to not have the ability to put in the proper password to begin with, maybe we shouldn't be putting a password in the installer. Seriously, freeNAS is almost useless unless you configure it via the WebUI and you can't access that without setting a password anyways, so maybe we should just be setting the root password at that stage, and leave it empty by default during the install? I'm pretty sure that is what most people do anyways, unless they have a very insecure root password.
2) I would just like to point out that technically speaking the character length has no bearing on the character type. I don't remember the character limitations, I think it's simply no "special" characters (I hate that term) because my password only has alphanumeric ones. With that said, I would defer to point one again and state that if you cannot make a proper password during the installer (even though its supported by the underlying OS) and it seems like more work than its worth to fix that, perhaps we shouldn't be setting a password during the installer.
Thanks for your time.
#6 Updated by Kris Moore over 4 years ago
- Status changed from Screened to Resolved
- Assignee changed from Sean Fagan to Kris Moore
- Priority changed from No priority to Nice to have
- Target version set to 9.10.3
This is a 2 character fix in the current installer, I've set it to allow up to 50 chars now.