Hi Ron,
About these issues I mentioned last month, you said the right people are
looking at them. Could you tell me who you were referring to?
I have raised two issues in the bug tracker as you suggested but they
did not get assigned.
https://glassfish.dev.java.net/issues/show_bug.cgi?id=7133
https://glassfish.dev.java.net/issues/show_bug.cgi?id=7134
From your answer, I did not quite understand what you think is the way
it should work:
For #7133, do you think passwords of less than 8 characters should not
be allowed (i.e. preferable to add the restriction to the Admin Console
too)?
For #7134, do you think multibyte characters in user names should not be
allowed (i.e. preferable to add the restriction to the Admin Console)?
And do you think the same should apply for passwords (i.e. preferable to
add the restriction to both the Admin Console and asadmin
change-master-password)?
Thanks,
Dies
>> Ron Monzillo wrote:
>>
>>> Dies Koper wrote:
>>>
>>>> Hi Shing Wai, Ron,
>>>>
>>>> I believe you are the owner of the modules the questions I posed
>>>> last week relate to.
>>>> I have another related question and was hoping you could help me.
>>>>
>>>> 3.
>>>> I confirmed that I can use multibyte characters in a password
>>>> (tried with asadmin change-master-password). Why do you allow
>>>> non-ASCII characters for the password but not for the user name?
>>>>
>>> Dies,
>>>
>>> This appears to be an over-sight or limitation of the implementation.
>>>
>>> The module owner for security has changed, and at least the first 2
>>> issues you raised also involve the admin module. I believe the right
>>> people are looking into this.
>>>
>>> If you have not done so already, please create an issue as that will
>>> ensure that it gets assigned and addressed.
>>>
>>> Ron
>>>
>>>> Thanks!
>>>> Dies
>>>>
>>>>
>>>> Dies Koper wrote:
>>>>
>>>>> Hi,
>>>>>
>>>>> We are trying to determine what characters GlassFish supports for
>>>>> use as
>>>>> in User IDs and passwords in File realm. The characters accepted when
>>>>> using asadmin are different from when using the Admin console.
>>>>> I have a few questions.
>>>>>
>>>>> 1.
>>>>> The Admin Console has the following comment:
>>>>> Name of a user to be granted access to this realm; name can be up to
>>>>> 255 characters, must contain only alphanumeric, underscore, dash,
>>>>> or dot
>>>>> characters
>>>>>
>>>>> It is my understanding that "alphanumeric" does not include multibyte
>>>>> (Japanese) characters. However, if I include other symbols ('+', etc.)
>>>>> I get an error message while if I include Japanese characters
>>>>> (multibyte), they are accepted.
>>>>> Are multibyte characters supported here or not?
>>>>>
>>>>> 2.
>>>>> Using the asadmin change-admin-password command you cannot change a
>>>>> password from or to something less than 8 characters. Using the Admin
>>>>> Console (Security>Realms>admin-realm) you /can/ change the password to
>>>>> something less than 8 characters (and therefore make it impossible to
>>>>> change afterwards with the asadmin command).
>>>>> Wouldn't it be better to have the limitation be enforced consistently
>>>>> (or not at all)?
>>>>>
>>>>> Thanks,
>>>>> Dies
>>
>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>
>
>
--
Dies KOPER <diesk_at_fast.au.fujitsu.com> (<-changed in July 2008)
Fujitsu Australia Software Technology (FAST) - ORC team
Tel. +61 2 9452 9061 (internal 7985-29061)