Casper Admin - Do not use account passwords with spaces

aamjohns
Contributor II

I just wanted to post this in case anyone else ran into this issue.

My Casper Distribution Point on a Win Server 2008 R2 was working fine if I mounted the share using Finder.

But Casper Admin would not mount the share.

I did much troubleshooting and testing but could not find the problem.

Finally, after a call to JAMF support I found out the problem was the accounts I had set for Read/Write and Read access to the Casper Share had spaces in the passphrase, and Casper Admin did not support this.

Once the space were removed, Casper Admin would mount the share. BTW - also had to change the port to 445.

Many of you may say 'why spaces in passphrase' - well here were I work there is a tremendous push campus wide to get away from passwords and start using passphrases for increased complexity. So almost everyone uses spaces in their passphrase - it is just habit!

Thanks,
AJ.

20 REPLIES 20

tkimpton
Valued Contributor II

Thats what we call a 1D10T error lol :)

frozenarse
Contributor II

Similar issue: Don't use a password that begins with a space for your management account. I think it might have started with Casper Imaging v 8.6.2 but when the account gets created on the local machine (as part of a configuration) it won't have that space on the front end.

rockpapergoat
Contributor III

that's pretty lame.

tkimpton
Valued Contributor II

Its not lame. It really is common sense stuff to put things like underscores instead of spaces!

mm2270
Legendary Contributor III
Many of you may say 'why spaces in passphrase' - well here were I work there is a tremendous push campus wide to get away from passwords and start using passphrases for increased complexity. So almost everyone uses spaces in their passphrase - it is just habit!

No offense, but there are far far better ways of adding complexity to passwords/passphrases than adding spaces to them. You may call it habit, but its really a bad habit to get into it. Spaces aren't going to be well supported on a number of levels and in many applications you'll run into. OS X tries very hard to prevent that from even happening, and with good reason.
It would be a good idea for you as an admin to promote proper password generation by moving users away from that 'habit'

rockpapergoat
Contributor III

my point is really that passwords should be hashed. if they're not, and jamf isn't quoting/escaping whitespace properly, i'd want to know why. telling people they can't/shouldn't use certain characters in passwords is lazy. this shouldn't be an issue.

your institutional password policies may vary, of course. i hope there's no real technical reason to prevent special characters and whitespace in passwords, though. it's 2013, people.

related: http://programmers.stackexchange.com/questions/126924/why-do-certain-sites-prevent-spaces-in-passwor...

aamjohns
Contributor II

@mm2270 Ok. I get it.

mm2270
Legendary Contributor III

@aamjohns - It was not my intention to flame you, so if you took it that way, then I apologize. I was simply stating that there are ways to use passphrases without using spaces. Things like dashes, underscores and such work fine and can still reflect a 'passphrase' instead of a password.
I get that it wasn't your choice to implement this change, but sometimes we need to make ourselves heard if something being instituted at a higher level may cause issues for us, even if its an unknown at first. Forget for a moment about whether your users should be allowed to use spaces, perhaps they should; the larger issue here is that things like this that don't conform to a certain norm need to be properly tested before being implemented to ensure it isn't going to trip us up.

Again, sorry if I came across as inflammatory. Not my intention here. I just find it odd that this would be promoted at your university without anyone who initiated it stopping for a moment and saying, hey, maybe we need to test this to make sure its not going to cause any problems. Maybe it was and it just wasn't caught. I don't know since you didn't state anything about that.

aamjohns
Contributor II

It is ok. I think the University tried to find the path of least resistance. Instead of making these doctors and such use passphrases like %$RQQ23%@749 they just said it had to be so many characters long and that creating a 'phrase' was an easy way to accomplish this. Considering we had people with and 8 character password for years getting them to something that is 28 characters long is a step in the right direction. I am in no way influential in any of this. I am just a worker bee.

I understand that in the Mac OS world I should avoid spaces. Thank you. And to the point of testing to make sure no problems, well that is an issue the happens here and we cannot really help it. We are not the governors, testers, or implementors. It all comes down from the top.

The intent of my post was just to help people that might run into the same issue I did and not beat their head against the wall trying to understand why they can mount the share but Casper Admin won't.

Thanks. Aaron.

tkimpton
Valued Contributor II

What... is it really April 1st?

Great April fools ;)

frozenarse
Contributor II

Two things:
1. I'm not a fan of restrictions on what you can/can't use to create a password. Problems occur when programmers don't take all characters into account.... That's not my fault. I shouldn't have to think "Is this pwd going to be used on XYZ operating system? If so, I need to restrict my password in some way"
2. In my example. Everything worked fine with version 8.52. Only after upgrading to a newer version did the issue appear.

glutz
New Contributor III

I submitted a bug on this a few months back. I think it might be fixed in 8.64 but I haven't tried to see if it is or not.

tkimpton
Valued Contributor II

If it worked previously I would raise a support call to JAMF so they could look in to it for you.

frozenarse
Contributor II

JAMF already confirmed it and are working on it. They decided to take that route instead of just telling people to not use spaces...

JPDyson
Valued Contributor

I might suggest that it has a lot more to do with input handling in general rather than specifically allowing spaces; if spaces are breaking it, then perhaps the whole process of authentication is vulnerable to other types of special characters as well.

"Don't use spaces in a password" is a convention born of shortcomings in the applications we're using, not because spaces are actually bad characters to use in a password.

aamjohns
Contributor II

@tkimpton - I don't understand :)

The passphrase is replacing the password more often now. And to create a passphrase spaces are useful. And in my cases, spaces abound because that was how people were advised to create their passphrases. I am not saying anything about best practice complexity.

tkimpton
Valued Contributor II

Guys is it still April the 1st....

Look the fact is there are hundreds if not thousands of apps out there that may not work with a password that has spaces in it.

As long as you and your peers are aware that you could gets many many support calls about issues just relating around spaces then go ahead.

frozenarse
Contributor II

Yes... We are "ID10T's" and "fools" for using spaces in our passwords....

I'm assuming that special characters are also an unwise decision in your opinion? Because I know of a few poorly coded websites that don't allow special characters for passwords. I also know of some places where you can only have a maximum of 8 character passwords. Should users make sure to keep their passwords under 8 characters? Just in case the programmer on the other end MIGHT not have done a good enough job?

Not only do I disagree with your position on this discussion but i'm not a fan of being (not so subtly) called names...

tkimpton
Valued Contributor II

external image link

easy fella .. it was a sys admin joke. Wish Jared was here, he would probably tell you to RTFM lol

jarednichols
Honored Contributor
Wish Jared was here, her would probably tell you to RTFM lol

Oh I'm lurking :)