Bug 928486 - Requirements for password should be shown at once
Summary: Requirements for password should be shown at once
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Scripts and Commands
Version: 6.1.0
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: ER4
: EAP 6.3.0
Assignee: Darran Lofthouse
QA Contact:
URL:
Whiteboard:
Keywords:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-03-27 18:21 UTC by Petr Kremensky
Modified: 2014-06-28 15:26 UTC (History)
4 users (show)

(edit)
In previous versions of JBoss EAP 6, a user who had entered an invalid password while using the add-user utility would only receive an error for the first contravention of the password rules found.

If the user had contravened multiple rules, multiple attempts to create the password could be required before a valid password was chosen. 

In this release, the password utility now displays a full list of the password restrictions in advance, reducing the chances of failed password attempts.
Clone Of:
(edit)
Last Closed: 2014-06-28 15:26:40 UTC


Attachments (Terms of Use)

Description Petr Kremensky 2013-03-27 18:21:45 UTC
In previous versions of EAP we could use 'a' as admin password as there weren't any password restrictions, but now password must have at least 8 characters, at least one digit and at least one non-alphanumeric symbol.

Typical use-case of creating new password via add-user script for person who experienced previous versions is:

------------------------------------------------------------------
...
Enter the details of the new user to add.
Realm (ManagementRealm) : 
Username : a
Password : 

 * Error * 
JBAS015269: Password must have at least '8' characters!

Username (a) :       
Password : 

 * Error * 
JBAS015266: Password must have at least one digit.

Username (a) :     
Password : 

 * Error * 
JBAS015267: Password must have at least one non-alphanumeric symbol.

Username (a) :         
Password : 
Re-enter Password :
...
------------------------------------------------------------------

I believe that requirements for password should be revealed to user at once. Same issue is also for creating new user during installation via installer.

Comment 2 Petr Kremensky 2013-10-21 10:48:58 UTC
Than we should at least update add-user utility to show all password requirements before prompting a user to enter it (same as it is in -console installer now: "The password must have no fewer than 8 characters, and contain at least one number and one non-alphanumeric symbol.").

Comment 3 Darran Lofthouse 2013-10-21 10:52:09 UTC
This is now addressed upstream - I would suggest we propose it for the next EAP release.

Comment 4 Darran Lofthouse 2014-02-12 10:33:16 UTC
This feature now exists upstream so should just be a backport.

Comment 6 Petr Kremensky 2014-05-14 10:27:22 UTC
Verified on EAP 6.3.0.ER4.


Note You need to log in before you can comment on or make changes to this bug.