[jboss-jira] [JBoss JIRA] (WFCORE-1759) add-user.sh does not return the secret value in non-interactive mode.

Ivo Hrádek (JIRA) issues at jboss.org
Fri Sep 2 08:55:00 EDT 2016 

    [ https://issues.jboss.org/browse/WFCORE-1759?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13287845#comment-13287845 ] 

Ivo Hrádek edited comment on WFCORE-1759 at 9/2/16 8:54 AM:
------------------------------------------------------------

Hi [~ppetrou], are you working on this?
The secret value is just user's password encoded in base64, so probably you don't want to show this value on the output every time. So, I think displaying this value should be optional as in case of interactive mode.

Meanwhile, I have implemented a simple flag "--secret" or "-sv" and made a PR [1], with following behavior:
 - If it was provided in non-interactive mode, the secret value would be printed, otherwise no,
 - If it was provided in interactive mode, the secret value would be printed, without prompting for "yes/no",
 - If it was provided in non-interactive mode together with "--silent" option, it wouldn't be printed.

btw: I think this JIRA should be more suitable for WFCORE.

EDIT1: flags has been changed to "--display-secret" and "-ds";
--
[1] https://github.com/wildfly/wildfly-core/pull/1771


was (Author: ihradek):
Hi [~ppetrou], are you working on this?
The secret value is just user's password encoded in base64, so probably you don't want to show this value on the output every time. So, I think displaying this value should be optional as in case of interactive mode.

Meanwhile, I have implemented a simple flag "--secret" or "-sv" and made a PR [1], with following behavior:
 - If it was provided in non-interactive mode, the secret value would be printed, otherwise no,
 - If it was provided in interactive mode, the secret value would be printed, without prompting for "yes/no",
 - If it was provided in non-interactive mode together with "--silent" option, it wouldn't be printed.

btw: I think this JIRA should be more suitable for WFCORE.
--
[1] https://github.com/wildfly/wildfly-core/pull/1771

> add-user.sh does not return the secret value in non-interactive mode.
> ---------------------------------------------------------------------
>
>                 Key: WFCORE-1759
>                 URL: https://issues.jboss.org/browse/WFCORE-1759
>             Project: WildFly Core
>          Issue Type: Feature Request
>          Components: Security
>            Reporter: Petros Petrou
>            Assignee: Ivo Hrádek
>            Priority: Minor
>             Fix For: 3.0.0.Alpha8
>
>
> Running add-user.sh in non-interactive mode does not return the secret value of the password. It would be a useful feature when automating user creation using platform build software.
> Non-Interactive Mode
> =============
> add-user.sh --user domainuser --password welcome1!
> Added user 'domainuser' to file '\opt\wildfly-10.0.0\standalone\configuration\mgmt-users.properties'
> Added user 'domainuser' to file '\opt\wildfly-10.0.0.Final\domain\configuration\mgmt-users.properties'
> Press any key to continue . . .
> Interactive Mode
> =============
> What type of user do you wish to add?
>  a) Management User (mgmt-users.properties)
>  b) Application User (application-users.properties)
> (a): a
> Enter the details of the new user to add.
> Using realm 'ManagementRealm' as discovered from the existing property files.
> Username : ppetrou
> Password recommendations are listed below. To modify these restrictions edit the add-user.properties configuration file.
>  - The password should be different from the username
>  - The password should not be one of the following restricted values {root, admin, administrator}
>  - The password should contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1 non-alphanumeric symbol(s)
> Password :
> Re-enter Password :
> What groups do you want this user to belong to? (Please enter a comma separated list, or leave blank for none)[  ]:
> About to add user 'ppetrou' for realm 'ManagementRealm'
> Is this correct yes/no? yes
> Added user 'ppetrou' to file '\opt\wildfly-10.0.0.Final\standalone\configuration\mgmt-users.properties'
> Added user 'ppetrou' to file '\opt\wildfly-10.0.0.Final\domain\configuration\mgmt-users.properties'
> Added user 'ppetrou' with groups  to file '\opt\wildfly-10.0.0.Final\standalone\configuration\mgmt-groups.properties'
> Added user 'ppetrou' with groups  to file '\opt\wildfly-10.0.0.Final\domain\configuration\mgmt-groups.properties'
> Is this new user going to be used for one AS process to connect to another AS process?
> e.g. for a slave host controller connecting to the master or for a Remoting connection for server to server EJB calls.
> yes/no? yes
> To represent the user add the following to the server-identities definition <secret value="d2VsY29tZTEh" />
> Press any key to continue . . .



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the jboss-jira mailing list