[pve-devel] [PATCH access-control 3/3] api: enforce a minimum length of 8 on new passwords
Shannon Sterz
s.sterz at proxmox.com
Fri Oct 4 15:32:05 CEST 2024
when creating new users or updating existing passwords this new
minimum is enforced which aligns with NIST's latest recommendations
[1].
[1]: https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
Signed-off-by: Shannon Sterz <s.sterz at proxmox.com>
---
src/PVE/API2/AccessControl.pm | 2 +-
src/PVE/API2/User.pm | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/PVE/API2/AccessControl.pm b/src/PVE/API2/AccessControl.pm
index c55a7b3..1e6e011 100644
--- a/src/PVE/API2/AccessControl.pm
+++ b/src/PVE/API2/AccessControl.pm
@@ -341,7 +341,7 @@ __PACKAGE__->register_method ({
password => {
description => "The new password.",
type => 'string',
- minLength => 5,
+ minLength => 8,
maxLength => 64,
},
'confirmation-password' => $PVE::API2::TFA::OPTIONAL_PASSWORD_SCHEMA,
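Review bot: the literal `minLength => 8` on the `password` property here is repeated verbatim in src/PVE/API2/User.pm by this same patch, so the two endpoints can drift apart the next time the policy changes. Consider defining the new-password schema once and referencing it from both places, the way the following line already reuses `$PVE::API2::TFA::OPTIONAL_PASSWORD_SCHEMA`. The description "The new password." could also state the minimum so API consumers see the limit in the generated documentation. Since `confirmation-password` uses a separate schema, please confirm it stays untouched, so that accounts with an existing shorter password can still confirm with it.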
diff --git a/src/PVE/API2/User.pm b/src/PVE/API2/User.pm
index 489d34f..535e58e 100644
--- a/src/PVE/API2/User.pm
+++ b/src/PVE/API2/User.pm
@@ -272,7 +272,7 @@ __PACKAGE__->register_method ({
description => "Initial password.",
type => 'string',
optional => 1,
- minLength => 5,
+ minLength => 8,
maxLength => 64
},
groups => get_standard_option('group-list'),
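Review bot: the password property in this hunk keeps `optional => 1`, so the new minimum only applies when a password is actually supplied at user creation; the commit message reads as if every new user is covered, and it would help to say explicitly that an omitted password is still accepted. The description "Initial password." does not mention the 8 character minimum either. As a minor style point, `maxLength => 64` has no trailing comma here, unlike the same line in AccessControl.pm.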
--
2.39.5