Add California Law HLD #1077
Add California Law HLD #1077
Conversation
|
|
There was a problem hiding this comment.
Can you please insert a hyper link to the law being addressed as a reference
https://leginfo.legislature.ca.gov/faces/billTextClient.xhtml?bill_id=201720180SB327
and also update the folder name to California-SB237
|
@lihuay would you mind to merge or should we wait for additional reviewers? |
|
@andriydnvd, what's the plan implement feature in sonic-buildimage repo? |
|
@andriydnvd can you please add the code PR into this HLD PR by referring to #806 ? Thanks. |
|
This PR contains California-SB237 HLD
|
| New password: | ||
| Retype new password: | ||
| passwd: password updated successfully | ||
| Connection to sonic-switch closed. |
| - Support several default users | ||
| - Force to change password after image update | ||
| - Don't affect [Password hardening feature](https://github.com/sonic-net/SONiC/blob/master/doc/passw_hardening/hld_password_hardening.md) | ||
| - Expire password only for user that can do login. (login shell is /bin/bash or /bin/sh) |
| pam_unix_account module retrieves password aging information and verifies that the password and the user's account have not expired. | ||
|
|
||
| Note: | ||
| See linux [3rd Party Components](#rdPartyComponents) for more description. |
|
|
||
| ##### Flow diagram: | ||
|
|
||
|  |
There was a problem hiding this comment.
In diagram:
Default user_1 -> user_1
|
|
||
| #### 1.15.1. <a name='PWForceExpire'></a>PW Force Expiration | ||
|
|
||
| Tool for password expiration: |
There was a problem hiding this comment.
I am considering more use cases which requiring CLI:
- Force all user password expiring
- Force all user password not expiring any more
In real life, the manufactory and customers are login the device for different purpose:
- the image is build with CHANGE_DEFAULT_PASSWORD turn on.
- the manufactory test team will login and change password, and continue test
- (missing) At the end of test, the manufactory test team will force all user password expiring
- customers got the device, and login, and change password
- customer start use it in normal way.
In step 2, the manufactory team may have no motivation to change to a brand new password, is it possible for them to change password to the same password as previous one?
…6863) What is the motivation for this PR? Validating default password change after initial boot for default user such as admin. How did you do it? 1. taking a path to an image 2. manufacturing the switch to this image by uploading bin to ONIE and install it from ONIE 3. using Pexpect python module to communicate with the switch and validate expiring password message to appear after the first login. 4. suggesting a new password and then reconnecting to switch and validating that there is no expiring message to reappear 5. As part of clean-up we enforce the original password. Supported testbed topology if it's a new test case? any topology is supported. Documentation this test case is relevant for this HLD: sonic-net/SONiC#1077
zhangyanzhao
added
Request for 202211
Request for 202211 Branch
and removed
Request for 202211
labels
This PR contains California-SB237 HLD