Description of problem: With rhn-client-tools-0.4.8-1.el5.noarch going against webqa (as it sits at 11:00 on 29.1.2007) I'm able to register against webqa using a valid username and any password I care to enter. 1) run rhn_register 2) at the Update Location screen, enter "https://xmlrpc.rhn.webqa.redhat.com/XMLRPC" as the location and continue 3) enter a valid username and any password you like Will work. Really shouldn't work.
Proposing as RHEL5 blocker, as otherwise this code might make it to the live site. Need some sort of resolution prior to that.
may be related to bug 223515
TEST PLAN ----------- 1) ping xmlrpc.rhn.webqa.redhat.com 2) edit /etc/hosts with the following: <ip address from above ping> xmlrpc.rhn.redhat.com While this seems silly, it goes through the "hosted" code path which is important to test versus the one mentioned in step 2 of original comment 3) Continue with Step 1 & 3 from Original Comment.
QA Verified -- can no longer login using an arbitrary password.
Closing out.