[
https://issues.jboss.org/browse/WFCORE-1759?page=com.atlassian.jira.plugi...
]
Ivo Hrádek edited comment on WFCORE-1759 at 9/2/16 8:54 AM:
------------------------------------------------------------
Hi [~ppetrou], are you working on this?
The secret value is just user's password encoded in base64, so probably you don't
want to show this value on the output every time. So, I think displaying this value should
be optional as in case of interactive mode.
Meanwhile, I have implemented a simple flag "--secret" or "-sv" and
made a PR [1], with following behavior:
- If it was provided in non-interactive mode, the secret value would be printed,
otherwise no,
- If it was provided in interactive mode, the secret value would be printed, without
prompting for "yes/no",
- If it was provided in non-interactive mode together with "--silent" option,
it wouldn't be printed.
btw: I think this JIRA should be more suitable for WFCORE.
EDIT1: flags has been changed to "--display-secret" and "-ds";
--
[1]
https://github.com/wildfly/wildfly-core/pull/1771
was (Author: ihradek):
Hi [~ppetrou], are you working on this?
The secret value is just user's password encoded in base64, so probably you don't
want to show this value on the output every time. So, I think displaying this value should
be optional as in case of interactive mode.
Meanwhile, I have implemented a simple flag "--secret" or "-sv" and
made a PR [1], with following behavior:
- If it was provided in non-interactive mode, the secret value would be printed,
otherwise no,
- If it was provided in interactive mode, the secret value would be printed, without
prompting for "yes/no",
- If it was provided in non-interactive mode together with "--silent" option,
it wouldn't be printed.
btw: I think this JIRA should be more suitable for WFCORE.
--
[1]
https://github.com/wildfly/wildfly-core/pull/1771
add-user.sh does not return the secret value in non-interactive
mode.
---------------------------------------------------------------------
Key: WFCORE-1759
URL:
https://issues.jboss.org/browse/WFCORE-1759
Project: WildFly Core
Issue Type: Feature Request
Components: Security
Reporter: Petros Petrou
Assignee: Ivo Hrádek
Priority: Minor
Fix For: 3.0.0.Alpha8
Running add-user.sh in non-interactive mode does not return the secret value of the
password. It would be a useful feature when automating user creation using platform build
software.
Non-Interactive Mode
=============
add-user.sh --user domainuser --password welcome1!
Added user 'domainuser' to file
'\opt\wildfly-10.0.0\standalone\configuration\mgmt-users.properties'
Added user 'domainuser' to file
'\opt\wildfly-10.0.0.Final\domain\configuration\mgmt-users.properties'
Press any key to continue . . .
Interactive Mode
=============
What type of user do you wish to add?
a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): a
Enter the details of the new user to add.
Using realm 'ManagementRealm' as discovered from the existing property files.
Username : ppetrou
Password recommendations are listed below. To modify these restrictions edit the
add-user.properties configuration file.
- The password should be different from the username
- The password should not be one of the following restricted values {root, admin,
administrator}
- The password should contain at least 8 characters, 1 alphabetic character(s), 1
digit(s), 1 non-alphanumeric symbol(s)
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or
leave blank for none)[ ]:
About to add user 'ppetrou' for realm 'ManagementRealm'
Is this correct yes/no? yes
Added user 'ppetrou' to file
'\opt\wildfly-10.0.0.Final\standalone\configuration\mgmt-users.properties'
Added user 'ppetrou' to file
'\opt\wildfly-10.0.0.Final\domain\configuration\mgmt-users.properties'
Added user 'ppetrou' with groups to file
'\opt\wildfly-10.0.0.Final\standalone\configuration\mgmt-groups.properties'
Added user 'ppetrou' with groups to file
'\opt\wildfly-10.0.0.Final\domain\configuration\mgmt-groups.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection
for server to server EJB calls.
yes/no? yes
To represent the user add the following to the server-identities definition <secret
value="d2VsY29tZTEh" />
Press any key to continue . . .
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)