Bug 233785 - Conflicting acceptable password rules between SSO Create Account form and RHN Register
Conflicting acceptable password rules between SSO Create Account form and RHN...
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Backend (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Bryan Kearney
Corey Welton
Depends On:
Blocks: 246409
  Show dependency treegraph
Reported: 2007-03-24 20:05 EDT by Máirín Duffy
Modified: 2013-01-10 05:18 EST (History)
4 users (show)

See Also:
Fixed In Version: 5.0.3
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2007-10-02 12:38:17 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Máirín Duffy 2007-03-24 20:05:31 EDT
+++ This bug was initially created as a clone of Bug #233784 +++

Note: keeping bug public so customer can follow.

+++ This bug was initially created as a clone of Bug #233461 +++

Description of problem:

URL: https://www.redhat.com/wapps/ugc/register.html

- password rejection message does not state the allowed/disallowed characters
nor the character max length limit. password rules seem strange as some non
numeric non letter characters are accepted but others are not. recommend that we
are more lenient in allowing these types of characters in passwords as it
increases potential security.

From customer:

"If I enterred a password that was too short I got a nice little message
telling me it had to be at least 6 characters long. If I entered one that long
or longer that was rejected as invalid I was given no clue as to why or what
characters were allowed or not. I'm guessing '<' was not a valid character but
it would have been easier to figure out if there were a little popup or
something that just explained the rules for passwords. I still find it weird
that '<' seems bad but ':' seems good.

Update from customer:

"I created an account which has a
password that includes the '[' character. This works fine on
RHN but when trying to register a guest VM during firstboot now
I discover that the character '[' is not accepted in the password
field preventing registration."

Things to look at:

- acceptable password rules for SSO account creation
- acceptable password rules for SSO account login
- acceptable password rules for RHN Register account creation
- acceptable password rules for RHN Register account login

-- Additional comment from duffy@redhat.com on 2007-03-24 20:03 EST --

This might be useful...
Comment 1 Máirín Duffy 2007-03-24 21:02:23 EDT
update: only seems to be an issue with RHEL 5 system registrations. RHEL 4
registration client seems to accept the '[' character.
Comment 2 James Bowes 2007-09-07 14:49:18 EDT
Test plan:

Username/password/email validation is handled by userservice now, so you want to
go through creating users directly at
and through rhn_register
Make sure that the min/max length, allowed characters, password complexity rules
etc. match up.
Comment 4 Corey Welton 2007-09-11 09:26:44 EDT
QA Verified.

Note You need to log in before you can comment on or make changes to this bug.