From: Lennart Poettering Date: Mon, 17 Feb 2025 21:28:30 +0000 (+0100) Subject: homectl: when asking for a user pw for an initial homed account at boot, don't insist... X-Git-Tag: v258-rc1~1316^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0e7dd5aa4d716f661afeef23d753992fe7fba5b6;p=thirdparty%2Fsystemd.git homectl: when asking for a user pw for an initial homed account at boot, don't insist on strong password It's just very annoying during debugging, and also unnecessary. --- diff --git a/src/home/homectl.c b/src/home/homectl.c index f53a7be93a9..b2a7bc6c107 100644 --- a/src/home/homectl.c +++ b/src/home/homectl.c @@ -2549,6 +2549,18 @@ static int create_interactively(void) { if (r < 0) return log_error_errno(r, "Failed to set userName field: %m"); + /* Let's not insist on a strong password in the firstboot interactive interface. Insisting on this is + * really annoying, as the user cannot just invoke the tool again with "--enforce-password-policy=no" + * because after all the tool is called from the boot process, and not from an interactive + * shell. Moreover, when setting up an initial system we can assume the user owns it, and hence we + * don't need to hard enforce some policy on password strength some organization or OS vendor + * requires. Note that this just disables the *strict* enforcement of the password policy. Even with + * this disabled we'll still tell the user in the UI that the password is too weak and suggest better + * ones, even if we then accept the weak ones if the user insists, by repeating it. */ + r = sd_json_variant_set_field_boolean(&arg_identity_extra, "enforcePasswordPolicy", false); + if (r < 0) + return log_error_errno(r, "Failed to set enforcePasswordPolicy field: %m"); + _cleanup_strv_free_ char **available = NULL, **groups = NULL; for (;;) { _cleanup_free_ char *s = NULL;