|Summary:||The add-user script displays incorrect password information for the help argument|
|Product:||[JBoss] JBoss Enterprise Application Platform 6||Reporter:||sgilda|
|Component:||Scripts and Commands||Assignee:||Darran Lofthouse <darran.lofthouse>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:||Petr Kremensky <pkremens>|
|Severity:||unspecified||Docs Contact:||Russell Dickenson <rdickens>|
|Version:||6.2.0||CC:||fnasser, kkhan, pgier, smumford|
|Target Release:||EAP 6.3.0|
|Fixed In Version:||Doc Type:||Bug Fix|
In previous versions of JBoss EAP 6, the help output for the `add-user` utility only displayed a single restriction pertaining to passwords (that they not be the same as the username). This could cause confusion when adding new users, as there is more than one restriction in place to ensure valid passwords are used. In this release of the product, the single restriction has been removed from the help text. It now appears, along with other applicable restrictions, in messages displayed when using interactive mode.
|Last Closed:||2014-06-28 15:24:55 UTC||Type:||Bug|
Description sgilda 2014-02-11 15:26:29 UTC
Description of problem:

The following is displayed when you type:

    $ bin/add-user.sh --help
    Usage: ./add-user.sh [args...]
    where args include:
        -a                                 If set add an application user instead of a management user
        -dc <value>                        Define the location of the domain config directory.
        -sc <value>                        Define the location the server config directory.
        -up, --user-properties <value>     The file name of the user properties file which can be an absolute path.
        -g, --group <value>                Comma-separated list of groups for the user.
        -gp, --group-properties <value>    The file name of the group properties file which can be an absolute path. (If group properties is specified then user properties MUST also be specified).
        -p, --password <value>             Password of the user. Should not be same as the username
        -u, --user <value>                 Name of the user
        -r, --realm <value>                Name of the realm used to secure the management interfaces (default is "ManagementRealm")
        -s, --silent                       Activate the silent mode (no output to the console)
        -h, --help                         Display this message and exit

The information for password is not correct. The username can only contain alphanumeric characters, so the password can never match it.

A better usage description for password might be:
- It must contain at least 8 characters.
- It must contain at least one alphabetic character.
- It must contain at least one digit.
- It must contain at least one non-alphanumeric symbol

And for user:
- It must only contain alphanumeric characters.

See related Bugzilla 1063639.
Comment 1 Darran Lofthouse 2014-02-11 15:53:07 UTC
I am going to ack this from the perspective of adding a little more information to the help output. The requirements are actually calculated after reading a configuration file so not entirely sure if we should output the exact requirements in the help text but this text should at least reflect information on how we will decide what enforcements to make.
Comment 2 Petr Kremensky 2014-02-11 15:57:19 UTC
I'll ask people around security whether these are the correct requirements for user/password.
Comment 4 Darran Lofthouse 2014-03-18 13:33:04 UTC
Re-working as EAP does not actually have a configurable password policy.
Comment 5 Darran Lofthouse 2014-03-18 13:49:26 UTC
Follow up pull request submitted:
- https://github.com/jbossas/jboss-eap/pull/1078

But do also note - At this point I have removed any output describing "requirements", within EAP the requirements are not configurable so it is potentially possible to update the error message with the statically defined requirements however to do the same would be much more complex upstream as the configuration has to be analysed which is something that does not happen at the time the message is output. This would be a problem meeting our upstream first requirement and also an issue maintaining the behaviour if we port the configuration feature to EAP.

As a second point, users always have the option to use interactive mode if they want a guided experience, in that mode we will be showing all of the requirements at once.
Comment 7 Petr Kremensky 2014-03-31 07:00:55 UTC
Verified on EAP 6.3.0.DR6. All password requirements were removed from help message. Rest of issue is covered by BZ928486 - Requirements for password should be shown at once
Comment 8 Scott Mumford 2014-04-24 02:10:41 UTC
Refactored release note text and marked for inclusion in the documentation.
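
Scripted calls that pass `-u` and `-p` do not get the guided prompts of interactive mode mentioned in Comment 5, so a pre-check that reports every violation at once can run before `add-user.sh` is invoked. This is an added example, not code from this bug report or from EAP: it assumes the restrictions listed in the description, and the names `check_add_user_input` and `_aui_fail` are hypothetical.

```shell
#!/bin/sh
# Added example: pre-check for scripted add-user.sh calls (not EAP code).
# The rules are the ones listed in the bug description; treat them as
# assumptions and adjust them to what your EAP version actually enforces.
LC_ALL=C; export LC_ALL   # keep the [A-Za-z] ranges ASCII-only

_aui_fail() {             # hypothetical helper: record one violation
    printf '%s\n' "$1"
    _aui_failed=1
}

# check_add_user_input USER PASSWORD
# Prints every violation (one per line); returns 1 if there is any, else 0.
check_add_user_input() {
    _aui_user=$1
    _aui_pass=$2
    _aui_failed=0

    case $_aui_user in
        ''|*[!A-Za-z0-9]*) _aui_fail "user: must only contain alphanumeric characters" ;;
    esac
    if [ "${#_aui_pass}" -lt 8 ]; then
        _aui_fail "password: must contain at least 8 characters"
    fi
    case $_aui_pass in
        *[A-Za-z]*) ;;
        *) _aui_fail "password: must contain at least one alphabetic character" ;;
    esac
    case $_aui_pass in
        *[0-9]*) ;;
        *) _aui_fail "password: must contain at least one digit" ;;
    esac
    case $_aui_pass in
        *[!A-Za-z0-9]*) ;;
        *) _aui_fail "password: must contain at least one non-alphanumeric symbol" ;;
    esac
    if [ "$_aui_pass" = "$_aui_user" ]; then
        _aui_fail "password: should not be the same as the username"
    fi
    return "$_aui_failed"
}

# Stand-alone use: sh precheck.sh USER PASSWORD (script name is an assumption)
if [ "$#" -eq 2 ]; then
    check_add_user_input "$1" "$2"
fi
```
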