I think it's been a while since I used the add-user script to add
application users. Turns out the password for the new user is now
checked for strength and the rules are a bit annoying [1], at least for
me. As a developer, I just want to test a scenario for EJB invocations.
I tried using "test" as a password and it failed with "too few
characters". Then I tried "test12345" failed again with "your password
should have combination of upper case, lower case, ...". I never have
understood this specific requirement of passwords being forced to be of
certain type (many sites do it). So, would it be possible to somehow
relax this requirement?
I'm not a security expert, but is this "your password has to have upper
case, lower case, digit, special char" requirement really worth it in a
real application?
[1]
https://issues.jboss.org/browse/AS7-2756?focusedCommentId=12653165&pa...
-Jaikiran