Description of problem:

Installing dogtag from IPA server using the password (pas&w`rd)

The pkisilent invocation is:

/usr/bin/pkisilent ConfigureCA -cs_hostname lion.example.com -cs_port 9445 -client_certdb_dir /tmp/tmp-DD2OtV -client_certdb_pwd '(pas&w`rd)' -preop_pin sM7N05JbzO0hYV8o4Uok -domain_name IPA -admin_user admin -admin_email root@localhost -admin_password '(pas&w`rd)' -agent_name ipa-ca-agent -agent_key_size 2048 -agent_key_type rsa -agent_cert_subject "CN=ipa-ca-agent,O=EXAMPLE.COM" -ldap_host lion.example.com -ldap_port 7389 -bind_dn "cn=Directory Manager" -bind_password '(pas&w`rd)' -base_dn o=ipaca -db_name ipaca -key_size 2048 -key_type rsa -key_algorithm SHA256withRSA -save_p12 true -backup_pwd '(pas&w`rd)' -subsystem_name pki-cad -token_name internal -ca_subsystem_cert_subject_name "CN=CA Subsystem,O=EXAMPLE.COM" -ca_ocsp_cert_subject_name "CN=OCSP Subsystem,O=EXAMPLE.COM" -ca_server_cert_subject_name "CN=lion.example.com,O=EXAMPLE.COM" -ca_audit_signing_cert_subject_name "CN=CA Audit,O=EXAMPLE.COM" -ca_sign_cert_subject_name "CN=Certificate Authority,O=EXAMPLE.COM" -external false -clone false

While reviewing the logs I saw this:

<response>
  <panel>admin/console/config/importadmincertpanel.vm</panel>
  <res/>
  <showApplyButton/>
  <admin_pwd>(pas</admin_pwd>
  ...

Which led me to see if the password really did get cut off:

$ ldapsearch -LLL -x -D 'uid=admin,ou=people,o=ipaca' -w '(pas&w`rd)' -h localhost -p 7389 -b o=ipaca uid=admin uid
ldap_bind: Invalid credentials (49)

and with a truncated password:

$ ldapsearch -LLL -x -D 'uid=admin,ou=people,o=ipaca' -w '(pas' -h localhost -p 7389 -b o=ipaca uid=admin uid
dn: uid=admin,ou=people,o=ipaca
uid: admin

Version-Release number of selected component (if applicable):

pki-silent-1.3.4-1.fc12.noarch
pki-ca-1.3.6-1.fc12.noarch
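The cut at "&" seen in the log above matches what a form decoder does with an unencoded value. The following is an added example, not code from this report or from the pki project. It assumes the password travels in an application/x-www-form-urlencoded body, which the page does not show. Only admin_pwd comes from the log; the other field names are hypothetical.

```python
from urllib.parse import parse_qs, urlencode

# Constructed sample input. The password is the one from the report;
# "uid" and "email" are hypothetical field names, "admin_pwd" is from the log.
PASSWORD = "(pas&w`rd)"
FIELDS = {"uid": "admin", "admin_pwd": PASSWORD, "email": "root@localhost"}


def build_body_unencoded(fields):
    """Naive concatenation: values are pasted in as-is (the failure mode)."""
    return "&".join(f"{name}={value}" for name, value in fields.items())


def build_body_encoded(fields):
    """Percent-encode every name and value before joining with '&'."""
    return urlencode(fields)


def server_view(body):
    """What a form-decoding server recovers: first value per field name."""
    parsed = parse_qs(body, keep_blank_values=True)
    return {name: values[0] for name, values in parsed.items()}


def check_roundtrip(fields, builder):
    """Return names of fields whose value does not survive the round trip."""
    seen = server_view(builder(fields))
    return sorted(n for n, v in fields.items() if seen.get(n) != v)


if __name__ == "__main__":
    for builder in (build_body_unencoded, build_body_encoded):
        body = builder(FIELDS)
        print(builder.__name__)
        print("  body     :", body)
        print("  admin_pwd:", server_view(body).get("admin_pwd"))
        print("  damaged  :", check_roundtrip(FIELDS, builder))
```

A round-trip check like check_roundtrip, run with a password containing "&", "=", "+" and "%", is a quick regression test for any installer that forwards secrets over HTTP forms.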
patch is included in the patch for https://bugzilla.redhat.com/show_bug.cgi?id=645895
8.1:

-bash-3.2$ svn ci -m "Bugzilla BZ645895 and 658641: ECC curves and passwords with special chars"
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/drm/ConfigureDRM.java
Sending        silent/src/ocsp/ConfigureOCSP.java
Sending        silent/src/ra/ConfigureRA.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/src/tks/ConfigureTKS.java
Sending        silent/src/tps/ConfigureTPS.java
Transmitting file data .......
Committed revision 1725.

tip:

[vakwetu@dhcp231-121 silent]$ svn ci -m "Bugzilla BZ645895 and 658641: ECC curves and passwords with special chars"
Sending        silent/src/ca/ConfigureCA.java
Sending        silent/src/drm/ConfigureDRM.java
Sending        silent/src/ocsp/ConfigureOCSP.java
Sending        silent/src/ra/ConfigureRA.java
Sending        silent/src/subca/ConfigureSubCA.java
Sending        silent/src/tks/ConfigureTKS.java
Sending        silent/src/tps/ConfigureTPS.java
Transmitting file data .......
Committed revision 1726.