Bug 928486

Summary: Requirements for password should be shown at once
Product: [JBoss] JBoss Enterprise Application Platform 6 Reporter: Petr Kremensky <pkremens>
Component: Scripts and CommandsAssignee: Darran Lofthouse <darran.lofthouse>
Status: CLOSED CURRENTRELEASE QA Contact:
Severity: medium Docs Contact:
Priority: unspecified    
Version: 6.1.0CC: brian.stansberry, kkhan, nziakova, smumford
Target Milestone: ER4   
Target Release: EAP 6.3.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
In previous versions of JBoss EAP 6, a user who had entered an invalid password while using the add-user utility would only receive an error for the first contravention of the password rules found. If the user had contravened multiple rules, multiple attempts to create the password could be required before a valid password was chosen. In this release, the password utility now displays a full list of the password restrictions in advance, reducing the chances of failed password attempts.
Story Points: ---
Clone Of: Environment:
Last Closed: 2014-06-28 15:26:40 UTC Type: Enhancement
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Petr Kremensky 2013-03-27 18:21:45 UTC
In previous versions of EAP we could use 'a' as admin password as there weren't any password restrictions, but now password must have at least 8 characters, at least one digit and at least one non-alphanumeric symbol.

Typical use-case of creating new password via add-user script for person who experienced previous versions is:

------------------------------------------------------------------
...
Enter the details of the new user to add.
Realm (ManagementRealm) : 
Username : a
Password : 

 * Error * 
JBAS015269: Password must have at least '8' characters!

Username (a) :       
Password : 

 * Error * 
JBAS015266: Password must have at least one digit.

Username (a) :     
Password : 

 * Error * 
JBAS015267: Password must have at least one non-alphanumeric symbol.

Username (a) :         
Password : 
Re-enter Password :
...
------------------------------------------------------------------

I believe that requirements for password should be revealed to user at once. Same issue is also for creating new user during installation via installer.

Comment 2 Petr Kremensky 2013-10-21 10:48:58 UTC
Than we should at least update add-user utility to show all password requirements before prompting a user to enter it (same as it is in -console installer now: "The password must have no fewer than 8 characters, and contain at least one number and one non-alphanumeric symbol.").

Comment 3 Darran Lofthouse 2013-10-21 10:52:09 UTC
This is now addressed upstream - I would suggest we propose it for the next EAP release.

Comment 4 Darran Lofthouse 2014-02-12 10:33:16 UTC
This feature now exists upstream so should just be a backport.

Comment 6 Petr Kremensky 2014-05-14 10:27:22 UTC
Verified on EAP 6.3.0.ER4.