Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 233785 - Conflicting acceptable password rules between SSO Create Account form and RHN Register
Summary: Conflicting acceptable password rules between SSO Create Account form and RHN...
Alias: None
Product: Red Hat Network
Classification: Red Hat
Component: RHN/Backend
Version: rhn500
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Bryan Kearney
QA Contact: Corey Welton
Depends On:
TreeView+ depends on / blocked
Reported: 2007-03-25 00:05 UTC by Máirín Duffy
Modified: 2013-01-10 10:18 UTC (History)
4 users (show)

Fixed In Version: 5.0.3
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2007-10-02 16:38:17 UTC
Target Upstream Version:

Attachments (Terms of Use)

Description Máirín Duffy 2007-03-25 00:05:31 UTC
+++ This bug was initially created as a clone of Bug #233784 +++

Note: keeping bug public so customer can follow.

+++ This bug was initially created as a clone of Bug #233461 +++

Description of problem:


- password rejection message does not state the allowed/disallowed characters
nor the character max length limit. password rules seem strange as some non
numeric non letter characters are accepted but others are not. recommend that we
are more lenient in allowing these types of characters in passwords as it
increases potential security.

From customer:

"If I enterred a password that was too short I got a nice little message
telling me it had to be at least 6 characters long. If I entered one that long
or longer that was rejected as invalid I was given no clue as to why or what
characters were allowed or not. I'm guessing '<' was not a valid character but
it would have been easier to figure out if there were a little popup or
something that just explained the rules for passwords. I still find it weird
that '<' seems bad but ':' seems good.

Update from customer:

"I created an account which has a
password that includes the '[' character. This works fine on
RHN but when trying to register a guest VM during firstboot now
I discover that the character '[' is not accepted in the password
field preventing registration."

Things to look at:

- acceptable password rules for SSO account creation
- acceptable password rules for SSO account login
- acceptable password rules for RHN Register account creation
- acceptable password rules for RHN Register account login

-- Additional comment from on 2007-03-24 20:03 EST --

This might be useful...

Comment 1 Máirín Duffy 2007-03-25 01:02:23 UTC
update: only seems to be an issue with RHEL 5 system registrations. RHEL 4
registration client seems to accept the '[' character.

Comment 2 James Bowes 2007-09-07 18:49:18 UTC
Test plan:

Username/password/email validation is handled by userservice now, so you want to
go through creating users directly at
and through rhn_register
Make sure that the min/max length, allowed characters, password complexity rules
etc. match up.

Comment 4 Corey Welton 2007-09-11 13:26:44 UTC
QA Verified.

Note You need to log in before you can comment on or make changes to this bug.