Improve password validation on Windows
|Affected Puppet version:||2.7.6||Branch:|
|Keywords:||windows user password|
The user type does not allow ‘:’ to be in a user’s password, because it’s assuming the password format is a cryptographic hash. But that is a valid value for Windows passwords (since those are in cleartext). Ideally we should move the validation to the providers and for Windows, use the NetValidatePasswordPolicy function to validate the password, which takes into account any password complexity, length, etc requirements.
#4 Updated by Chris Barker 4 months ago
If we could validate the password being provided by puppet this would allow for us to warn users that their password wont meet complexity standards even in noop mode, which could warn users of a possible issue applying this change when it gets rolled into production.