Red Hat Bugzilla – Bug 233785
Conflicting acceptable password rules between SSO Create Account form and RHN Register
Last modified: 2013-01-10 05:18:05 EST
+++ This bug was initially created as a clone of Bug #233784 +++
Note: keeping bug public so customer can follow.
+++ This bug was initially created as a clone of Bug #233461 +++
Description of problem:
- Password rejection message does not state the allowed/disallowed characters
nor the character max length limit. Password rules seem strange, as some
non-numeric, non-letter characters are accepted but others are not. Recommend that we
are more lenient in allowing these types of characters in passwords, as it
increases potential security.
"If I entered a password that was too short I got a nice little message
telling me it had to be at least 6 characters long. If I entered one that long
or longer that was rejected as invalid I was given no clue as to why or what
characters were allowed or not. I'm guessing '<' was not a valid character but
it would have been easier to figure out if there were a little popup or
something that just explained the rules for passwords. I still find it weird
that '<' seems bad but ':' seems good."
Update from customer:
"I created an account which has a
password that includes the '[' character. This works fine on
RHN but when trying to register a guest VM during firstboot now
I discover that the character '[' is not accepted in the password
field preventing registration."
Things to look at:
- acceptable password rules for SSO account creation
- acceptable password rules for SSO account login
- acceptable password rules for RHN Register account creation
- acceptable password rules for RHN Register account login
-- Additional comment from firstname.lastname@example.org on 2007-03-24 20:03 EST --
This might be useful...
Update: only seems to be an issue with RHEL 5 system registrations. RHEL 4
registration client seems to accept the '[' character.
Username/password/email validation is handled by userservice now, so you want to
go through creating users directly at
and through rhn_register
Make sure that the min/max length, allowed characters, password complexity rules
etc. match up.
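One way to check that two validators match up, as an added example that is not code from this bug or from Red Hat: a differential test that feeds the same probe passwords to both and reports where they disagree. The functions `web_form_accepts` and `client_accepts` and the `MAX_LEN` value are hypothetical stand-ins that model only the behaviour reported above (6-character minimum, '<' rejected, '[' accepted on one side only).

```python
import string

# Hypothetical stand-ins for the two validators; the real rules are not
# given in this bug. Only the reported behaviours are modelled.
MIN_LEN = 6
MAX_LEN = 32  # assumed placeholder; the real maximum is not stated in the bug


def web_form_accepts(pw):
    """Stand-in for the account-creation form: rejects '<'."""
    return MIN_LEN <= len(pw) <= MAX_LEN and "<" not in pw


def client_accepts(pw):
    """Stand-in for the registration client: rejects '<' and '['."""
    return MIN_LEN <= len(pw) <= MAX_LEN and not set(pw) & set("<[")


def char_mismatches(a, b, base="Abc123"):
    """Map each probe character to (a_verdict, b_verdict) where they differ."""
    out = {}
    for ch in string.punctuation + " ":
        va, vb = a(base + ch), b(base + ch)
        if va != vb:
            out[ch] = (va, vb)
    return out


def length_mismatches(a, b, upto=64):
    """Password lengths (0..upto) on which the two validators disagree."""
    return [n for n in range(upto + 1) if a("a" * n) != b("a" * n)]


if __name__ == "__main__":
    for ch, (va, vb) in char_mismatches(web_form_accepts, client_accepts).items():
        print(f"character {ch!r}: web form={va}, client={vb}")
    print("length mismatches:", length_mismatches(web_form_accepts, client_accepts))
```

Pointing the two callables at the real account-creation and registration paths turns this into a regression test for the four cases listed under "Things to look at".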