proxmox-mirrors/pve-access-control
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-access-control synced 2025-10-04 06:58:44 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

api: enforce a minimum length of 8 on new passwords

Browse Source 
when creating new users or updating existing passwords this new
minimum is enforced which aligns with NIST's latest recommendations
[1].

[1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver

Signed-off-by: Shannon Sterz <s.sterz@proxmox.com>
This commit is contained in:
Shannon Sterz 2024-10-04 15:32:05 +02:00 committed by Thomas Lamprecht
parent 84599db265
commit 47b7e66764
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/PVE/API2/AccessControl.pm
View File

@ -345,7 +345,7 @@ __PACKAGE__->register_method ({
password => { password => {
description => "The new password.", description => "The new password.",
type => 'string', type => 'string',
minLength => 5, minLength => 8,
maxLength => 64, maxLength => 64,
}, },
'confirmation-password' => $PVE::API2::TFA::OPTIONAL_PASSWORD_SCHEMA, 'confirmation-password' => $PVE::API2::TFA::OPTIONAL_PASSWORD_SCHEMA,

2
src/PVE/API2/User.pm
View File

@ -272,7 +272,7 @@ __PACKAGE__->register_method ({
description => "Initial password.", description => "Initial password.",
type => 'string', type => 'string',
optional => 1, optional => 1,
minLength => 5, minLength => 8,
maxLength => 64 maxLength => 64
}, },
groups => get_standard_option('group-list'), groups => get_standard_option('group-list'),