Project

General

Profile

Bug #20998

Avatar?id=14398&size=22x22

Installer password field char limit set too short

Added by Michael Rabinovsky over 4 years ago. Updated about 4 years ago.

Status:
Resolved
Priority:
Nice to have
Assignee:
Kris Moore
Category:
OS
Target version:
Seen in:
Severity:
New
Reason for Closing:
Reason for Blocked:
Needs QA:
Yes
Needs Doc:
Yes
Needs Merging:
Yes
Needs Automation:
No
Support Suite Ticket:
n/a
Hardware Configuration:

GhettoBox™:

CPU: Intel(R) Core(TM)2 CPU 6320 @ 1.86GHz
RAM: 8GB (4x2GB) PC2-6400, DDR2 @ 800Mhz SDRAM (non ECC, don't shoot me) reported by freenas as: 8088MB
Motherboard is some (I'd rather not open my box to find the model number) SATA 2 genuine Intel (developer?) board circa 2006, that I came from a lab in MIT, so all 100% Intel components.
Storage: 6x3TB 5200RPM WD Blue drives tweaked used wdidle3 in RAIDZ2

Hopefully my monstrous, and grossly inadequate hardware doesn't invalidate my statements.

ChangeLog Required:
No

Description

The issue is with the FreeNAS 9.10.2-U2 (probably older versions too) installer. When prompted for a password during a reinstall, I tried to put in my root password (the one I was using previously) and at a certain point (I believe only 20 characters in) it started beeping at me (very rude) and not accepting any more input. I know this is an arbitrary limit in the installer field because one, I was using the same version with this password, and two because after I installed with no password the webUI forced me to put in a password and I just put in the same password. I also changed to that password from the CLI originally. I'm not sure what BSD's password limit is on the 64bit version, but I am 100% sure it's not 20 chars. This field should be changed to be identical to the max BSD password length limitation. The work around is obviously to just cancel on the password prompt, and change the password later, which is simple enough, but that doesn't make this less broken, as I'm sure you know.

Associated revisions

Revision 2573f27a (diff)
Added by Kris Moore over 4 years ago

Increase the acceptable password length to 50 chars Ticket: #20998

History

#1 Updated by Michael Rabinovsky over 4 years ago

  • Hardware Configuration updated (diff)

#2 Updated by Bonnie Follweiler over 4 years ago

  • Assignee set to Sean Fagan

#3 Updated by Sean Fagan over 4 years ago

  • Status changed from Unscreened to Screened

I'm on the fence about this one: the password can be changed later, and due to how it's implemented in the installer, there's a lot of limitations on what characters the password can contain.

#4 Updated by Michael Rabinovsky over 4 years ago

Sean Fagan wrote:

I'm on the fence about this one: the password can be changed later, and due to how it's implemented in the installer, there's a lot of limitations on what characters the password can contain.

I'm not going to pretend to know how the installer is implemented but I think these two points should be made in this case:

1) If the ability to change the password later is a reason to not have the ability to put in the proper password to begin with, maybe we shouldn't be putting a password in the installer. Seriously, freeNAS is almost useless unless you configure it via the WebUI and you can't access that without setting a password anyways, so maybe we should just be setting the root password at that stage, and leave it empty by default during the install? I'm pretty sure that is what most people do anyways, unless they have a very insecure root password.

2) I would just like to point out that technically speaking the character length has no bearing on the character type. I don't remember the character limitations, I think it's simply no "special" characters (I hate that term) because my password only has alphanumeric ones. With that said, I would defer to point one again and state that if you cannot make a proper password during the installer (even though its supported by the underlying OS) and it seems like more work than its worth to fix that, perhaps we shouldn't be setting a password during the installer.

Thanks for your time.

#5 Updated by Sean Fagan over 4 years ago

As an update: I've rewritten the installer for 10 in python, and it appears to work to some degree.

#6 Avatar?id=14398&size=24x24 Updated by Kris Moore over 4 years ago

  • Status changed from Screened to Resolved
  • Assignee changed from Sean Fagan to Kris Moore
  • Priority changed from No priority to Nice to have
  • Target version set to 9.10.3

This is a 2 character fix in the current installer, I've set it to allow up to 50 chars now.

#7 Avatar?id=14398&size=24x24 Updated by Kris Moore over 4 years ago

  • Target version changed from 9.10.3 to 11.0

#9 Updated by Vaibhav Chauhan about 4 years ago

  • Target version changed from 11.0 to 11.0-RC

Also available in: Atom PDF