* [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords
@ 2024-10-04 13:32 Shannon Sterz
2024-10-04 13:32 ` [pve-devel] [PATCH manager 1/3] ui: workspace/user view: change password minimum length to 8 Shannon Sterz
` (3 more replies)
0 siblings, 4 replies; 6+ messages in thread
From: Shannon Sterz @ 2024-10-04 13:32 UTC (permalink / raw)
To: pve-devel
this series pushes the minimum of 5 characters up to at least 8 for pve.
this puts our password policy in line with NIST's latest recommendation
[1].
[1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
pve-manager:
Shannon Sterz (1):
ui: workspace/user view: change password minimum length to 8
www/manager6/Workspace.js | 1 +
www/manager6/dc/UserEdit.js | 2 +-
www/manager6/dc/UserView.js | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
proxmox-widget-toolkit:
Shannon Sterz (1):
password edit: add a minimum length parameter
src/window/PasswordEdit.js | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
pve-access-control:
Shannon Sterz (1):
api: enforce a minimum length of 8 on new passwords
src/PVE/API2/AccessControl.pm | 2 +-
src/PVE/API2/User.pm | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Summary over all repositories:
6 files changed, 12 insertions(+), 4 deletions(-)
--
Generated by git-murpp 0.5.0
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH manager 1/3] ui: workspace/user view: change password minimum length to 8
2024-10-04 13:32 [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords Shannon Sterz
@ 2024-10-04 13:32 ` Shannon Sterz
2024-10-04 13:32 ` [pve-devel] [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter Shannon Sterz
` (2 subsequent siblings)
3 siblings, 0 replies; 6+ messages in thread
From: Shannon Sterz @ 2024-10-04 13:32 UTC (permalink / raw)
To: pve-devel
this only impacts new passwords
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
www/manager6/Workspace.js | 1 +
www/manager6/dc/UserEdit.js | 2 +-
www/manager6/dc/UserView.js | 1 +
3 files changed, 3 insertions(+), 1 deletion(-)
diff --git a/www/manager6/Workspace.js b/www/manager6/Workspace.js
index 52c66108c..ca451fc3e 100644
--- a/www/manager6/Workspace.js
+++ b/www/manager6/Workspace.js
@@ -383,6 +383,7 @@ Ext.define('PVE.StdWorkspace', {
var win = Ext.create('Proxmox.window.PasswordEdit', {
userid: Proxmox.UserName,
confirmCurrentPassword: Proxmox.UserName !== 'root@pam',
+ minLength: 8,
});
win.show();
},
diff --git a/www/manager6/dc/UserEdit.js b/www/manager6/dc/UserEdit.js
index ad52edf00..eee8bc2b2 100644
--- a/www/manager6/dc/UserEdit.js
+++ b/www/manager6/dc/UserEdit.js
@@ -36,7 +36,7 @@ Ext.define('PVE.dc.UserEdit', {
pwfield = Ext.createWidget('textfield', {
inputType: 'password',
fieldLabel: gettext('Password'),
- minLength: 5,
+ minLength: 8,
name: 'password',
disabled: true,
hidden: true,
diff --git a/www/manager6/dc/UserView.js b/www/manager6/dc/UserView.js
index 12c3e8546..82bd2ee7c 100644
--- a/www/manager6/dc/UserView.js
+++ b/www/manager6/dc/UserView.js
@@ -72,6 +72,7 @@ Ext.define('PVE.dc.UserView', {
userid: rec.data.userid,
confirmCurrentPassword: Proxmox.UserName !== 'root@pam',
autoShow: true,
+ minLength: 8,
listeners: {
destroy: () => reload(),
},
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter
2024-10-04 13:32 [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords Shannon Sterz
2024-10-04 13:32 ` [pve-devel] [PATCH manager 1/3] ui: workspace/user view: change password minimum length to 8 Shannon Sterz
@ 2024-10-04 13:32 ` Shannon Sterz
2024-11-11 20:38 ` [pve-devel] applied: " Thomas Lamprecht
2024-10-04 13:32 ` [pve-devel] [PATCH access-control 3/3] api: enforce a minimum length of 8 on new passwords Shannon Sterz
2024-11-11 22:11 ` [pve-devel] applied:-series [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters " Thomas Lamprecht
3 siblings, 1 reply; 6+ messages in thread
From: Shannon Sterz @ 2024-10-04 13:32 UTC (permalink / raw)
To: pve-devel
so products can independently specify the minimum length of new
passwords
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
src/window/PasswordEdit.js | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/window/PasswordEdit.js b/src/window/PasswordEdit.js
index bc54b8d..e012a0d 100644
--- a/src/window/PasswordEdit.js
+++ b/src/window/PasswordEdit.js
@@ -12,6 +12,10 @@ Ext.define('Proxmox.window.PasswordEdit', {
labelWidth: 150,
},
+ // specifies the minimum length of *new* passwords so this can be
+ // adapted by each product as limits are changed there.
+ minLength: 5,
+
// allow products to opt-in as their API gains support for this.
confirmCurrentPassword: false,
@@ -33,13 +37,15 @@ Ext.define('Proxmox.window.PasswordEdit', {
xtype: 'textfield',
inputType: 'password',
fieldLabel: gettext('New Password'),
- minLength: 5,
allowBlank: false,
name: 'password',
listeners: {
change: (field) => field.next().validate(),
blur: (field) => field.next().validate(),
},
+ cbind: {
+ minLength: '{minLength}',
+ },
},
{
xtype: 'textfield',
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] [PATCH access-control 3/3] api: enforce a minimum length of 8 on new passwords
2024-10-04 13:32 [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords Shannon Sterz
2024-10-04 13:32 ` [pve-devel] [PATCH manager 1/3] ui: workspace/user view: change password minimum length to 8 Shannon Sterz
2024-10-04 13:32 ` [pve-devel] [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter Shannon Sterz
@ 2024-10-04 13:32 ` Shannon Sterz
2024-11-11 22:11 ` [pve-devel] applied:-series [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters " Thomas Lamprecht
3 siblings, 0 replies; 6+ messages in thread
From: Shannon Sterz @ 2024-10-04 13:32 UTC (permalink / raw)
To: pve-devel
when creating new users or updating existing passwords this new
minimum is enforced which aligns with NIST's latest recommendations
[1].
[1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
---
src/PVE/API2/AccessControl.pm | 2 +-
src/PVE/API2/User.pm | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/PVE/API2/AccessControl.pm b/src/PVE/API2/AccessControl.pm
index c55a7b3..1e6e011 100644
--- a/src/PVE/API2/AccessControl.pm
+++ b/src/PVE/API2/AccessControl.pm
@@ -341,7 +341,7 @@ __PACKAGE__->register_method ({
password => {
description => "The new password.",
type => 'string',
- minLength => 5,
+ minLength => 8,
maxLength => 64,
},
'confirmation-password' => $PVE::API2::TFA::OPTIONAL_PASSWORD_SCHEMA,
diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 489d34f..535e58e 100644
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -272,7 +272,7 @@ __PACKAGE__->register_method ({
description => "Initial password.",
type => 'string',
optional => 1,
- minLength => 5,
+ minLength => 8,
maxLength => 64
},
groups => get_standard_option('group-list'),
--
2.39.5
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] applied: [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter
2024-10-04 13:32 ` [pve-devel] [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter Shannon Sterz
@ 2024-11-11 20:38 ` Thomas Lamprecht
0 siblings, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2024-11-11 20:38 UTC (permalink / raw)
To: Proxmox VE development discussion, Shannon Sterz
Am 04.10.24 um 15:32 schrieb Shannon Sterz:
> so products can independently specify the minimum length of new
> passwords
>
> Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
> ---
> src/window/PasswordEdit.js | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
>
applied this one, thanks!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
* [pve-devel] applied:-series [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords
2024-10-04 13:32 [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords Shannon Sterz
` (2 preceding siblings ...)
2024-10-04 13:32 ` [pve-devel] [PATCH access-control 3/3] api: enforce a minimum length of 8 on new passwords Shannon Sterz
@ 2024-11-11 22:11 ` Thomas Lamprecht
3 siblings, 0 replies; 6+ messages in thread
From: Thomas Lamprecht @ 2024-11-11 22:11 UTC (permalink / raw)
To: Proxmox VE development discussion, Shannon Sterz
Am 04.10.24 um 15:32 schrieb Shannon Sterz:
> this series pushes the minimum of 5 characters up to at least 8 for pve.
> this puts our password policy in line with NIST's latest recommendation
> [1].
>
> [1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
>
> pve-manager:
>
> Shannon Sterz (1):
> ui: workspace/user view: change password minimum length to 8
>
> www/manager6/Workspace.js | 1 +
> www/manager6/dc/UserEdit.js | 2 +-
> www/manager6/dc/UserView.js | 1 +
> 3 files changed, 3 insertions(+), 1 deletion(-)
>
>
> proxmox-widget-toolkit:
>
> Shannon Sterz (1):
> password edit: add a minimum length parameter
>
> src/window/PasswordEdit.js | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
>
> pve-access-control:
>
> Shannon Sterz (1):
> api: enforce a minimum length of 8 on new passwords
>
> src/PVE/API2/AccessControl.pm | 2 +-
> src/PVE/API2/User.pm | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
>
> Summary over all repositories:
> 6 files changed, 12 insertions(+), 4 deletions(-)
>
> --
> Generated by git-murpp 0.5.0
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
applied the remaining two patches now too, thanks!
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2024-11-11 22:11 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-10-04 13:32 [pve-devel] [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters on new passwords Shannon Sterz
2024-10-04 13:32 ` [pve-devel] [PATCH manager 1/3] ui: workspace/user view: change password minimum length to 8 Shannon Sterz
2024-10-04 13:32 ` [pve-devel] [PATCH widget-toolkit 2/3] password edit: add a minimum length parameter Shannon Sterz
2024-11-11 20:38 ` [pve-devel] applied: " Thomas Lamprecht
2024-10-04 13:32 ` [pve-devel] [PATCH access-control 3/3] api: enforce a minimum length of 8 on new passwords Shannon Sterz
2024-11-11 22:11 ` [pve-devel] applied:-series [PATCH manager/widget-toolkit/access-control 0/3] enforce minimum of 8 characters " Thomas Lamprecht
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal