Red Hat Bugzilla – Bug 146707
Passwords for up2date and rhn_register are case-sensitive
Last modified: 2009-08-19 23:10:41 EDT
Description of problem:
Translator Verena Fuehrer has pointed out that our documentation for
up2date and rhn_register (see URLs) say that both usernames and
passwords "Are case-insensitive" but this doesn't seem to make sense
Here's what she wrote:
> Hi Clay,
> in reference/register it says:
> In addition, the following restrictions apply to both your username and
> Are case-insensitive
> Apparently this only applies to the username, but not to the
password. To avoid confusion wouldn't it be better to just state that
they are both case-sensitive?
In addition to the first URL, this reference also exists here:
So I'm opening this bug to track resolution of this issue. My own
experiments have found:
* I cannot create a new username identical to my own that differs only
* I cannot log in with my existing username altered only by
* I cannot log in with my existing username and a password altered
only by capitalization.
The first case seems to show that the username is case-insensitive,
preserving my namespace despite letters entered in different cases.
But the second and third cases seem to indicate that both usernames
and passwords are case-sensitive.
I would make Verena's change as suggested but fear by saying both
username and password are case-sensitive we imply you can create
distinct logins (such as work vs. home) merely by altering the
capitalization of the username.
Copying Verena and reassigning to Robin for clarification.
Setting to NEEDINFO. Robin, can you take a look at the documentation
(In the URLs), Verena's suggested changes, and the results of my own
experimentation to help me determine the correct phrasing for our
username and password requirements? Thanks.
I think your second case is incorrect - I've just verified that I can
log into my account with my username altered only by capitilization.
The rule should be:
o Usernames are not case-sensitive.
o Passwords are case-sensitive.
I stand corrected. Robin, you're right in that I can log in with my
username altered only by capitalization. Don't know what I did the
first time, but thank you for double-checking.
Therefore, the fix here is to the documentation only. In summary, I
* Remove the "Are case-insensitive" line from the list of requirements
for both username and password
* Add a "is not case-sensitive" line to the list of requirements for
* Add a separate sentence after both lists that points out, "Passwords
are case-sensitive for obvious reasons" or somesuch.
I'm re-accepting the bug and will make the fix in the 370 release.
Review the following sections and ensure the changes stipulated in
comment #4 took place as described:
2.2.1. Registering a User Account
5.3. Registering a User Account
Setting to ON_DEV
mass move: PROD_READY --> CLOSED:CURRENTRELEASE
(In reply to comment #3)
> I think your second case is incorrect - I've just verified that I can
> log into my account with my username altered only by capitilization.
> The rule should be:
> o Usernames are not case-sensitive.
> o Passwords are case-sensitive.
sorry for the late reply ;-) but that's what I stated:
Usernames are case-*in*sensitive,
whereas Passwords seem to be not ..