Re: [jboss-as7-dev] Relaxing password requirements for add-user script?
+1
I don't want to use any of my regular secure passwords for this kind of
"experimenting" or "demoing" usage; I want to only use them for places
where I'm really protecting something. And I already have enough
passwords; I don't feel like remembering a throwaway password that meets
these requirements. If I were a user I'd find having to do that with no
way around it really annoying.
On 10/10/12 8:46 AM, Jason Greene wrote:
Maybe we should allow a --force option, which bypasses that stuff?
On Oct 10, 2012, at 4:49 AM, Darran Lofthouse <darran.lofthouse(a)jboss.com> wrote:
> Agreed, a prompt would help so a feature request would be welcome.
>
> This will be an interesting contributor task I think as we would need to
> be mapping between the configured policy and appropriate log messages.
>
> Regards,
> Darran Lofthouse.
>
>
> On 10/10/2012 09:02 AM, Stuart Douglas wrote:
>> Also, at the very least this should tell you the requirements before you
>> have to go through the trial and error process to figure out what they are.
>>
>> Stuart
>>
>> Jaikiran Pai wrote:
>>> I think it's been a while since I used the add-user script to add
>>> application users. Turns out the password for the new user is now
>>> checked for strength and the rules are a bit annoying [1], at least for
>>> me. As a developer, I just want to test a scenario for EJB invocations.
>>> I tried using "test" as a password and it failed with "too
few
>>> characters". Then I tried "test12345" failed again with
"your password
>>> should have combination of upper case, lower case, ...". I never have
>>> understood this specific requirement of passwords being forced to be of
>>> certain type (many sites do it). So, would it be possible to somehow
>>> relax this requirement?
>>>
>>> I'm not a security expert, but is this "your password has to have
upper
>>> case, lower case, digit, special char" requirement really worth it in a
>>> real application?
>>>
>>>
>>> [1]
>>>
https://issues.jboss.org/browse/AS7-2756?focusedCommentId=12653165&pa...
>>>
>>> -Jaikiran
>>> _______________________________________________
>>> jboss-as7-dev mailing list
>>> jboss-as7-dev(a)lists.jboss.org
>>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>> _______________________________________________
>> jboss-as7-dev mailing list
>> jboss-as7-dev(a)lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
>>
> _______________________________________________
> jboss-as7-dev mailing list
> jboss-as7-dev(a)lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
_______________________________________________
jboss-as7-dev mailing list
jboss-as7-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-as7-dev
--
Brian Stansberry
Principal Software Engineer
JBoss by Red Hat