Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1063888

Summary: The add-user script displays incorrect password information for the help argument
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: sgilda
Component: Scripts and CommandsAssignee: Darran Lofthouse <darran.lofthouse>
Status: CLOSED CURRENTRELEASE QA Contact: Petr Kremensky <pkremens>
Severity: unspecified Docs Contact: Russell Dickenson <rdickens>
Priority: unspecified    
Version: 6.2.0CC: fnasser, kkhan, pgier, smumford
Target Milestone: DR6   
Target Release: EAP 6.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, the help output for the `add-user` utility only displayed a single restriction pertaining to passwords (that they not be the same as the username). This could cause confusion when adding new users, as there is more than one restriction in place to ensure valid passwords are used. In this release of the product, the single restriction has been removed from the help text. It now appears, along with other applicable restrictions, in messages displayed when using interactive mode.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-28 15:24:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1063861    

Description sgilda 2014-02-11 15:26:29 UTC 
Description of problem:

The following is displayed when you type: $ bin/add-user.sh --help

Usage: ./add-user.sh [args...]
where args include:
    -a                                  If set add an application user instead 
                                        of a management user

    -dc <value>                         Define the location of the domain 
                                        config directory.

    -sc <value>                         Define the location the server config 
                                        directory.

    -up, --user-properties <value>      The file name of the user properties 
                                        file which can be an absolute path.

    -g, --group <value>                 Comma-separated list of groups for the 
                                        user.

    -gp, --group-properties <value>     The file name of the group properties 
                                        file which can be an absolute path. (If 
                                        group properties is specified then user 
                                        properties MUST also be specified).

    -p, --password <value>              Password of the user. Should not be 
                                        same as the username

    -u, --user <value>                  Name of the user

    -r, --realm <value>                 Name of the realm used to secure the 
                                        management interfaces (default is 
                                        "ManagementRealm")

    -s, --silent                        Activate the silent mode (no output to 
                                        the console)

    -h, --help                          Display this message and exit


The information for password is not correct. The username can only contain alphanumeric characters, so the password can never match it. 

A better usage description for password might be:

It must contain at least 8 characters.
It must contain at least one alphabetic character.
It must contain at least one digit.
It must contain at least one non-alphanumeric symbol

And for user:

It must only contain alphanumeric characters.

See related Bugzilla 1063639.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Darran Lofthouse 2014-02-11 15:53:07 UTC 
I am going to ack this from the perspective of adding a little more information to the help output.

The requirements are actually calculated after reading a configuration file so not entirely sure if we should output the exact requirements in the help text but this text should at least reflect information on how we will decide what enforcements to make.
Comment 2 Petr Kremensky 2014-02-11 15:57:19 UTC 
I'll ask people around security whether these are the correct requirements for user/password.
Comment 4 Darran Lofthouse 2014-03-18 13:33:04 UTC 
Re-working as EAP does not actually have a configurable password policy.
Comment 5 Darran Lofthouse 2014-03-18 13:49:26 UTC 
Follow up pull request submitted: -
  https://github.com/jbossas/jboss-eap/pull/1078

But do also note - 

At this point I have removed any output describing "requirements", within EAP the requirements are not configurable so it is potentially possible to update the error message with the statically defined requirements however to do the same would be much more complex upstream as the configuration has to be analysed which is something that does not happen at the time the message is output.  This would be a problem meeting our upstream first requirement and also an issue maintaining the behaviour if we port the configuration feature to EAP.

As a second point, users always have the option to use interactive mode if they want a guided experience, in that mode we will be showing all of the requirements at once.
Comment 7 Petr Kremensky 2014-03-31 07:00:55 UTC 
Verified on EAP 6.3.0.DR6.

All password requirements were removed from help message.

Rest of issue is covered by BZ928486 - Requirements for password should be shown at once
Comment 8 Scott Mumford 2014-04-24 02:10:41 UTC 
Refactored release note text and marked for inclusion in the documentation.
Comment 9 sgilda 2014-05-12 20:09:40 UTC 
Changed <literal></literal> tags in Doc Text to ticks (`) to fix Bug 1096865