Bug 2229861

Summary: Prohibit the use of special characters in the admin user's password.
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: shimura <mshimura>
Component: DocumentationAssignee: Parth Shah <pashah>
Status: NEW --- QA Contact: Radek Bíba <rbiba>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 4.4.0   
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Comment 1 Radek Bíba 2023-08-08 06:36:17 UTC
This is currently a documentation bug/RFE, but it might as well be an engineering bug. Here's what I see:

1 - Change the password to rhuipa$sword (notice the dollar sign)
2 - Run rhui-manager, for example rhui-manager repo list
3 - You're now asked to log in with the new password, so enter rhuipa$s
4 - You get: Invalid login...
6 - Assume the password wasn't properly escaped when it was changed and '$sword' was considered a shell variable, was undefined and therefore passed on empty further down the tool chain.
7 - Run rhui-manager again and enter rhuipa (without the "variable $sword")
8 - You're in!

Comment 2 Radek Bíba 2023-08-08 06:38:05 UTC
> 3 - You're now asked to log in with the new password, so enter rhuipa$s

Correction: enter rhuipa$sword (as used in step 1)

Comment 3 Radek Bíba 2023-08-09 05:53:34 UTC
Here's the plan:

Let's document this as a known issue for now. We could even inform users how to reset the password if it was saved incorrectly due to this bug.

Anyway, this will be fixed in RHUI 4.6, where it will be possible to use a password with a dollar sign (and other special characters).