Red Hat Bugzilla – Bug 1247137
Can't change password for a redhat.com account of OpenShift type
Last modified: 2016-11-07 22:48:31 EST
Description of problem:
When trying to change my password, the site insists that my old password is incorrect, even though it is correct.
Version-Release number of selected component (if applicable):
The version at https://openshift.redhat.com at the time of reporting
Steps to Reproduce:
1. Visit https://openshift.redhat.com/app/account/password/edit
2. Type old password and a new password twice, submit
Error message "Your old password was incorrect."
This happens even right after logging in with exactly the same password as later entered into the change password form. And even after resetting my password and using the new one received through e-mail.
Clarification: this happens for my redhat.com account, haven't tried others.
By trial and error I figured out that the only value which the Change Password form considers correct as the "old password" is my Red Hat account password.
This is definitely erroneous, since this happens even right after password reset, when the old password should be the one received in inbox from the reset process (right?).
Moreover, after entering my redhat.com password into the change password form and changing it into something else, I can then log into my redhat.com account with this changed password. But I still can't use this changed password, or the old one, or the reset one for login. THE ONLY way for me to log in currently is through password reset.
Does the change password process actually change my RH password? I believe this should be VERY clearly stated in the interface, or even better - the password for the RH account should not be changeable from the OS interface, it's really confusing.
It seems strange to me that OSO offers the possibility to change the RH password.
Just tried it with my account (rhn-support-adellape) and got a "Your password has been changed" message in the OpenShift webUI. New password works for openshift.com and redhat.com.
I just realized the account type under https://openshift.redhat.com/app/account is "OpenShift". This bug might (hopefully) be limited to accounts created with a redhat.com address before RHN integration (my OSO acct is ~3 years old).
So, I guess the password validation logic is inconsistent between the Change Password screen and the login screen:
* the Change Password only respects my RHN account password as correct (probably shouldn't since my acct type is OpenShift..?)
* login screen does not respect my RHN account password
This is a known issue in the case where a user has a "simple user" account and a "full user" account which conflict. You have both type of accounts for the login firstname.lastname@example.org . The reason this can happen is that RHN doesn't have any knowledge of simple users. So, OSO can prevent the creation of a simple user which conflicts with an RHN account, but RHN will happily create an account that conflicts with an existing simple user, and then the problem begin.
The solution for this is to have the "simple user" deactivated. I can file an internal ticket for that.
OK, please file the ticket for deactivation of the simple account. Thanks.
I believe the ticket was created? Has the "simple user" account been deactivated? Can we close this bug at this point?
This was resolved.