Bug 146707 - Passwords for up2date and rhn_register are case-sensitive
Passwords for up2date and rhn_register are case-sensitive
Status: CLOSED CURRENTRELEASE
Product: Red Hat Satellite 5
Classification: Red Hat
Component: Documentation (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Clay Murphy
Vlady Zlatkin
https://rhn.redhat.com/help/reference...
: Documentation
Depends On:
Blocks: 146379
  Show dependency treegraph
 
Reported: 2005-01-31 16:36 EST by Clay Murphy
Modified: 2009-08-19 23:10 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-04-08 12:32:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Clay Murphy 2005-01-31 16:36:22 EST
Description of problem:
Translator Verena Fuehrer has pointed out that our documentation for
up2date and rhn_register (see URLs) say that both usernames and
passwords "Are case-insensitive" but this doesn't seem to make sense
for passwords.

Here's what she wrote:
-------------
> Hi Clay,
> in reference/register it says:
> [...]
> In addition, the following restrictions apply to both your username and
> password:
> [...]
> Are case-insensitive
>
> Apparently this only applies to the username, but not to the
password. To avoid confusion wouldn't it be better to just state that
they are both case-sensitive?
>
> Cheers,
> Verena
-------------
In addition to the first URL, this reference also exists here:
https://rhn.redhat.com/help/reference/s1-register-user-account.html

So I'm opening this bug to track resolution of this issue. My own
experiments have found:
* I cannot create a new username identical to my own that differs only
in capitalization.
* I cannot log in with my existing username altered only by
capitalization.
* I cannot log in with my existing username and a password altered
only by capitalization.

The first case seems to show that the username is case-insensitive,
preserving my namespace despite letters entered in different cases.
But the second and third cases seem to indicate that both usernames
and passwords are case-sensitive.

I would make Verena's change as suggested but fear by saying both
username and password are case-sensitive we imply you can create
distinct logins (such as work vs. home) merely by altering the
capitalization of the username.
Comment 1 Clay Murphy 2005-01-31 16:37:36 EST
Copying Verena and reassigning to Robin for clarification.
Comment 2 Clay Murphy 2005-01-31 16:39:27 EST
Setting to NEEDINFO. Robin, can you take a look at the documentation
(In the URLs), Verena's suggested changes, and the results of my own
experimentation to help me determine the correct phrasing for our
username and password requirements? Thanks.
Comment 3 Robin Norwood 2005-02-01 13:21:09 EST
Clay,

I think your second case is incorrect - I've just verified that I can
log into my account with my username altered only by capitilization. 
The rule should be:

o Usernames are not case-sensitive.
o Passwords are case-sensitive.
Comment 4 Clay Murphy 2005-02-01 16:27:51 EST
I stand corrected. Robin, you're right in that I can log in with my
username altered only by capitalization. Don't know what I did the
first time, but thank you for double-checking.

Therefore, the fix here is to the documentation only. In summary, I
need to:
* Remove the "Are case-insensitive" line from the list of requirements
for both username and password
* Add a "is not case-sensitive" line to the list of requirements for
username only
* Add a separate sentence after both lists that points out, "Passwords
are case-sensitive for obvious reasons" or somesuch.

I'm re-accepting the bug and will make the fix in the 370 release.

Comment 5 Clay Murphy 2005-02-18 12:47:53 EST
Done

TEST PLAN
Review the following sections and ensure the changes stipulated in
comment #4 took place as described:
2.2.1. Registering a User Account
5.3. Registering a User Account

Setting to ON_DEV
Comment 6 Vlady Zlatkin 2005-03-01 17:45:50 EST
verified
Comment 7 Todd Warner 2005-04-08 12:32:21 EDT
mass move: PROD_READY --> CLOSED:CURRENTRELEASE
Comment 8 Need Real Name 2005-04-10 18:32:29 EDT
(In reply to comment #3)
> Clay,
> 
> I think your second case is incorrect - I've just verified that I can
> log into my account with my username altered only by capitilization. 
> The rule should be:
> 
> o Usernames are not case-sensitive.
> o Passwords are case-sensitive.
Robin,
sorry for the late reply ;-) but that's what I stated:
Usernames are case-*in*sensitive,
whereas Passwords seem to be not ..

Cheers,
Verena

Note You need to log in before you can comment on or make changes to this bug.