Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 6): Bug 1146860
Description of problem: Users are quite certain not to come up with random (high-entropy) passwords, let alone with high-entropy one time passwords. IMHO IPA should at least offer to generate OTPs for host enrollment in the UI, or if there are no backward-compatibility concerns, use generation as a default method with custom OTPs as a user-requested fallback Version-Release number of selected component (if applicable): ipa-server-3.0.0-37.el6.x86_64 / RHEL 6.5 How reproducible: always Steps to Reproduce: 1. add a host in the Web UI 2. set an Enrollment OTP for the host 3. Actual results: user is requested to type and retype the password Expected results: user should be offered with generated OTP by default Additional info:
I wonder if it would fly well with current Web UI - as password is generated during host addition, so the password would be known after the host creation is submitted.
Web UI may need to implement own random password generator to workaround it...
Not necessarily. We can add checkbox into adder dialog to send 'random=true' and then display 'randompassword' in the dialog along with success message. Ie. the dialog would not be closed in this case.
Not a priority for now. Patches welcome!
This is a basic workflow that junior admins using Web UI may leverage, while at the same time it should be really easy to do (just use --random flag and show the result).
--random
master:
Metadata Update from @jcholast: - Issue assigned to pvomacka - Issue set to the milestone: FreeIPA 4.4
Login to comment on this ticket.