Description of problem: Installer accepts password not strong enough for the vault.sh and fails during installation processing with message: <code> * Error * JBAS015264: Password is not strong enough, it is 'MODERATE'. It should be at least 'MEDIUM'. Exception in thread "main" org.jboss.as.domain.management.security.adduser.AddUserFailedException: JBAS015264: Password is not strong enough, it is 'MODERATE'. It should be at least 'MEDIUM'. at org.jboss.as.domain.management.security.adduser.ErrorState.execute(ErrorState.java:71) at org.jboss.as.domain.management.security.adduser.AddUser.run(AddUser.java:131) at org.jboss.as.domain.management.security.adduser.AddUser.main(AddUser.java:212) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.jboss.modules.Module.run(Module.java:312) at org.jboss.modules.Main.main(Main.java:473) Exit code: 1 </code> Version-Release number of selected component (if applicable): DV 6.2.0 ER3 How reproducible: with specific passwords Steps to Reproduce: 1. Start installer, create admin user, check same passwords, provide password: 'asdfasdf{123' 2. Continue to the processing phase by leaving all defaults. 3. Examine the installer processing page output for above mentioned error Actual results: installer fails Expected results: decline the password as weak
We need to document this.
Hi, The jbossas password strength algorithm sometimes produces bizarre results such as this. (asdfasdf{123) is a MODERATE password yet (asdf{123) is a MEDIUM password. There's no way for the installer to change this algorithm, so I've added a new password strength checking validator that uses the same algorithm as the one in jbossas. Passwords that will not be ranked strong enough for the installation to proceed successfully are no longer allowed (an error message is displayed in the user creation screen). Thank you, Emmett Underhill
This is actually fixed in the latest build. Marking as ON_QA for now.
The reported problem was resolved in ER4 build. Checked only for reported password 'asdfasdf{123'