From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9]) by lore.proxmox.com (Postfix) with ESMTPS id D94491FF15E for ; Fri, 4 Oct 2024 15:32:42 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id 15FB3F668; Fri, 4 Oct 2024 15:32:57 +0200 (CEST) From: Shannon Sterz To: pve-devel@lists.proxmox.com Date: Fri, 4 Oct 2024 15:32:05 +0200 Message-Id: <20241004133205.258755-4-s.sterz@proxmox.com> X-Mailer: git-send-email 2.39.5 In-Reply-To: <20241004133205.258755-1-s.sterz@proxmox.com> References: <20241004133205.258755-1-s.sterz@proxmox.com> MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.047 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH access-control 3/3] api: enforce a minimum length of 8 on new passwords X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" when creating new users or updating existing passwords this new minimum is enforced which aligns with NIST's latest recommendations [1]. [1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver Signed-off-by: Shannon Sterz --- src/PVE/API2/AccessControl.pm | 2 +- src/PVE/API2/User.pm | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/PVE/API2/AccessControl.pm b/src/PVE/API2/AccessControl.pm index c55a7b3..1e6e011 100644 --- a/src/PVE/API2/AccessControl.pm +++ b/src/PVE/API2/AccessControl.pm @@ -341,7 +341,7 @@ __PACKAGE__->register_method ({ password => { description => "The new password.", type => 'string', - minLength => 5, + minLength => 8, maxLength => 64, }, 'confirmation-password' => $PVE::API2::TFA::OPTIONAL_PASSWORD_SCHEMA, diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm index 489d34f..535e58e 100644 --- a/src/PVE/API2/User.pm +++ b/src/PVE/API2/User.pm @@ -272,7 +272,7 @@ __PACKAGE__->register_method ({ description => "Initial password.", type => 'string', optional => 1, - minLength => 5, + minLength => 8, maxLength => 64 }, groups => get_standard_option('group-list'), -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel