[jboss-as7-dev] Relaxing password requirements for add-user script?

[Darran Lofthouse]

Agreed, a prompt would help so a feature request would be welcome.

This will be an interesting contributor task I think as we would need to 
be mapping between the configured policy and appropriate log messages.

Regards,
Darran Lofthouse.


On 10/10/2012 09:02 AM, Stuart Douglas wrote:
> Also, at the very least this should tell you the requirements before you
> have to go through the trial and error process to figure out what they are.
>
> Stuart
>
> Jaikiran Pai wrote:
>> I think it's been a while since I used the add-user script to add
>> application users. Turns out the password for the new user is now
>> checked for strength and the rules are a bit annoying [1], at least for
>> me. As a developer, I just want to test a scenario for EJB invocations.
>> I tried using "test" as a password and it failed with "too few
>> characters". Then I tried "test12345" failed again with "your password
>> should have combination of upper case, lower case, ...". I never have
>> understood this specific requirement of passwords being forced to be of
>> certain type (many sites do it). So, would it be possible to somehow
>> relax this requirement?
>>
>> I'm not a security expert, but is this "your password has to have upper
>> case, lower case, digit, special char" requirement really worth it in a
>> real application?
>>
>>
>> [1]
>> https://issues.jboss.org/browse/AS7-2756?focusedCommentId=12653165&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12653165
>>
>> -Jaikiran
>> _______________________________________________
>> jboss-as7-dev mailing list
>> jboss-as7-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>