Red Hat Bugzilla – Bug 1062602
Installer accepts administrative user's password without alphabetic character
Last modified: 2015-10-05 22:42:54 EDT
Description of problem: We need to synchronize administrative user&password input validation of installer with add-user utility in EAP. Version-Release number of selected component (if applicable): EAP 6.2.0 How reproducible: Always Steps to Reproduce: 1. Run either gui or console installation and go to user creation dialogue 2. Use admin#1 as user name (should be permitted, but isn't), use 1234567! as password (should be forbidden, but isn't) Actual results: user: - username must be alphanumeric password: - password min length is 8 - password must contain digit - password must contain non-alphanumeric character Expected results: user: - no restriction for non-alphanumeric characters on user-name password: - password min length is 8 - password must contain alphabetic character - password must contain digit - password must contain non-alphanumeric character Additional info: Also documentation and add-user utility need update, see BZ1062592
Sorry for confusion, there seem to be bug in add-user utility as it accepts aaa@aaa without complaining. Username obviously cannot contain non-alphanumeric character.
Passwords now satisfy the following constraints - password min length is 8 - password must contain alphabetic character - password must contain digit - password must contain non-alphanumeric character Note that since passwords must have a non-alphanumeric and usernames cannot contain an non-alphanumeric, the username and password will never match. http://git.app.eng.bos.redhat.com/jbossas-installer.git/commit/?h=eap-6.2&id=17a0608bc9bee29099458b0dd753330edde12a0f
That is correct. I created BZ1063639 to fix the documentation.
We should fix also the text on User panel to reflect the change: id="security.text" txt="Create an administrative user. The user will be added to the ManagementRealm, and can be used to access the Management Console, as well as any other applications secured using the ManagementRealm. The password must have no fewer than 8 characters, and contain at least one number and one non-alphanumeric symbol."
String has been updated to contain. Create an administrative user. The user will be added to the ManagementRealm, and can be used to access the Management Console, as well as any other applications secured using the ManagementRealm. The password must have no fewer than 8 characters, and must contain at least one digit, alphabetic character, and non-alphanumeric symbol. http://git.app.eng.bos.redhat.com/jbossas-installer.git/commit/?h=eap-6.2&id=12f3ae6a5a9c7152694c188e5df6abfec122df9a
This is failing also with EAP 6.3.0.ER1 installer.
Installer now doesn't accept password without alphabetic symbol, but we should also fix the text (in both gui and console mode). Actual: The password must have at least 8 characters, and contain at least one number and one non-alphanumeric symbol. Expected (We can use the text from documentation): The password must be at least eight characters long, with one alphabetic character, one digit, and one non-alphabanumeric character.
Changed the string. http://git.app.eng.bos.redhat.com/git/eap-installer.git/commit/?id=9f4f79c596f14efd14d9d9ed1090b5b087a12d6f
Verified on EAP 6.3.0.ER7 installer.