PWM v2.0.6 baaefbe7: Error, password.RandomPasswordGenerator, Generator does not match policy


Sven Probst

Jun 2, 2023, 4:18:29 AM
to pwm-general
Hi,

the password-generator in the helpdesk-module does not match the password-policy:

2023-06-02T07:31:00Z, DEBUG, password.PasswordUtility, {vDFFt,admin} merged user password policy of 'CN=xxxxx' with PWM configured policy: PwmPasswordPolicy: {"policyMap":{"chai.pwrule.repeat.max":"0","chai.pwrule.changeMessage":"","chai.pwrule.upper.min":"0","chai.pwrule.allowUserChange":"true","chai.pwrule.disallowedValues":"password\ntest","password.policy.disallowCurrent":"true","chai.pwrule.allowAdminChange":"true","chai.pwrule.uniqueRequired":"false","password.policy.allowNonAlpha":"true","chai.pwrule.unique.max":"0","chai.pwrule.special.max":"0","chai.pwrule.enforceAtLogin":"false","password.policy.charGroup.regExValues":".*[0-9]\n.*[^A-Za-z0-9]\n.*[A-Z]\n.*[a-z]","chai.pwrule.policyEnabled":"true","chai.pwrule.lower.max":"0","password.policy.checkWordlist":"true","chai.pwrule.upper.max":"0","chai.pwrule.unique.min":"0","chai.pwrule.length.min":"25","password.policy.maximumAlpha":"0","chai.pwrule.numeric.allow":"true","password.policy.minimumNonAlpha":"0","chai.pwrule.challengeResponseEnabled":"false","password.policy.regExMatch":"","chai.pwrule.length.max":"64","password.policy.ADComplexityLevel":"AD2008","password.policy.minimumStrength":"0","chai.pwrule.disallowedAttributes":"givenName\ncn\nsn","password.policy.charGroup.minimumMatch":"0","chai.pwrule.sequentialRepeat.max":"0","password.policy.minimumAlpha":"0","chai.pwrule.lower.min":"0","password.policy.allowMacroInRegexSetting":"true","chai.pwrule.numeric.allowLast":"true","chai.pwrule.numeric.allowFirst":"true","chai.pwrule.special.allow":"true","chai.pwrule.expirationInterval":"0","chai.pwrule.special.min":"0","password.policy.maximumNonAlpha":"0","chai.pwrule.numeric.max":"0","chai.pwrule.ADComplexityMaxViolation":"2","chai.pwrule.numeric.min":"0","chai.pwrule.special.allowFirst":"true","chai.pwrule.special.allowLast":"true","password.policy.maximumConsecutive":"0","chai.pwrule.caseSensitive":"true","chai.pwrule.lifetime.minimum":"0","password.policy.regExNoMatch":""}} [xxx.xxx.xxx.xxx]
2023-06-02T07:31:00Z, TRACE, password.PasswordUtility, {vDFFt,admin} readPasswordPolicyForUser completed (7ms) [xxx.xxx.xxx.xxx]
2023-06-02T07:31:00Z, ERROR, password.RandomPasswordGenerator, {vDFFt,admin} failed random password generation after 38ms after 2000 tries. (errors=6, judgeLevel=37 [xxx.xxx.xxx.xxx]


Policy is evaluated correctly to:
"chai.pwrule.length.min":"25"
"chai.pwrule.length.max":"64"
but the generator only shows passwords with less than 16 characters.

What could be done in the configuration? We have different policies defined, some with less than 16 chars allowed, some with more than 25.

Best regards

Sven

Jason Rivard

Jun 3, 2023, 6:26:13 PM
to pwm-general
Hi Sven,

I see the same issue. This isn't limited to just helpdesk; other places that have random-generated passwords will have this issue too. I think it has just never been tested with such large minimums. Please open an issue and I'll look into it further.

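An added example, not part of the thread and not PWM's own code: a Python check of why retrying cannot help when a generator's length limit sits below chai.pwrule.length.min, next to a generator that takes its length range from the policy. The generator_cap parameter, the symbol set, and the reading of charGroup.minimumMatch as "number of groups that must match" are assumptions.

```python
import re
import secrets
import string

# Constructed subset of the merged policy in the log above (same keys and values).
POLICY = {
    "chai.pwrule.length.min": "25",
    "chai.pwrule.length.max": "64",
    "password.policy.charGroup.regExValues": ".*[0-9]\n.*[^A-Za-z0-9]\n.*[A-Z]\n.*[a-z]",
    "password.policy.charGroup.minimumMatch": "0",
}
ALPHABET = string.ascii_letters + string.digits + "!#$%*+-=?@_"  # assumed symbol set

def length_window(policy, generator_cap=None):
    """Lengths the generator may use, or None when no length can satisfy the policy."""
    lo = int(policy["chai.pwrule.length.min"])
    hi = int(policy["chai.pwrule.length.max"])
    if generator_cap is not None:  # hypothetical hard limit inside a generator
        hi = min(hi, generator_cap)
    return (lo, hi) if lo <= hi else None

def violations(policy, candidate):
    """Names of the rules (length, character groups) that the candidate breaks."""
    found = []
    lo, hi = int(policy["chai.pwrule.length.min"]), int(policy["chai.pwrule.length.max"])
    if not lo <= len(candidate) <= hi:
        found.append("length")
    groups = policy["password.policy.charGroup.regExValues"].split("\n")
    matched = sum(1 for rx in groups if re.match(rx, candidate))
    # Assumption: minimumMatch is the number of character groups that must match.
    if matched < int(policy["password.policy.charGroup.minimumMatch"]):
        found.append("charGroup")
    return found

def generate(policy, generator_cap=None, max_tries=2000):
    """Rejection-sample a password; fail fast if the length window is empty."""
    window = length_window(policy, generator_cap)
    if window is None:
        raise ValueError("generator length limit is below chai.pwrule.length.min")
    lo, hi = window
    for _ in range(max_tries):
        length = lo + secrets.randbelow(hi - lo + 1)
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not violations(policy, candidate):
            return candidate
    raise RuntimeError("no candidate met the policy within max_tries")
```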