[jboss-as7-dev] Relaxing password requirements for add-user script?

Jaikiran Pai jpai at redhat.com
Wed Oct 10 03:23:14 EDT 2012

I think it's been a while since I used the add-user script to add 
application users. Turns out the password for the new user is now 
checked for strength and the rules are a bit annoying [1], at least for 
me. As a developer, I just want to test a scenario for EJB invocations. 
I tried using "test" as a password and it failed with "too few 
characters". Then I tried "test12345" failed again with "your password 
should have combination of upper case, lower case, ...". I never have 
understood this specific requirement of passwords being forced to be of 
certain type (many sites do it). So, would it be possible to somehow 
relax this requirement?

I'm not a security expert, but is this "your password has to have upper 
case, lower case, digit, special char" requirement really worth it in a 
real application?



More information about the jboss-as7-dev mailing list