Everyone,
It occurs to me that I should mention the following regarding this patch
- it has been written such that it trims all leading and trailing white
space from the password when read in from a file (a somewhat
controversial subject).
As I see it, we have four options:
1. we could just go with a policy of always trimming white space from
the password (as reflected by this patch),
2. we could easily change the code to not trim white space from
passwords, or
3. we could add an optional boolean flag (e.g. "--pristine" or
"--pristine-password") that, when specified, causes white space on
passwords to not be trimmed (default is to trim white space), or
4. we could add an optional boolean flag (e.g. "--trim" or
"--trim-password") that, when specified, causes white space on
passwords to be trimmed (default is not to trim white space).
If this is changed, both the code and the man page Caveat need to be
updated to reflect this decision (leading/trailing whitespace will
continue to always be trimmed from any specified 'token').
I know that there are several schools of thought on this, so I would
like to obtain a consensus opinion on this (if there is too much
disagreement, I will implement option (3) above and be done with it).
Thanks,
-- Matt
On 08/07/14 21:20, Matthew Harmsen wrote:
Please review the attached patch (revised) which implements
alternative CLI password methods to address the following PKI TRAC ticket:
* PKI TRAC Ticket #555 - Other ways to specify CLI password
<https://fedorahosted.org/pki/ticket/555>
This revised patch attempts to address most of the comments to the
previous patch including:
* made numerous man page changes
* camelCased method names
* changed the password routine to utilize the '=' delimiter rather
than the ':' delimiter (more appropriate for Java)
* consolidated the two password file routines into a single routine
which supports 'token=password' format (as well as documenting and
providing man page examples for how to utilize this style of file
with a simple password)
* removed all warning messages from the password routine
* utilized suggestions to improve the password routine including
replacing the use of the StringUtils.split() method with the
String.split() method using a regex
* rewrote password routine to handle passwords that contained the
delimiter as a part of the password
* ditched 'DRM'
* removed consolidated error messages and exited immediately
* removed the '-y' option
* moved password prompting under the control of the pki CLI program
for both basic and client authentication
* removed previous changes to URI/URL
* removed previous changes to subsystem type
* added mutual exclusive test for "-n" (client authentication) vs.
"-u" (basic authentication) options
* added mutual dependency tests as needed
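
The trimming choice and the first-delimiter handling discussed in this thread, as an added Java example that is not code from the patch or from either message. The class, method and parameter names are hypothetical, and skipping blank lines and rejecting lines without '=' are assumptions of this sketch.

```java
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration; names are hypothetical, not taken from the patch.
public class PasswordFileExample {

    // Parse 'token=password' lines. The token is always trimmed; the password
    // is trimmed only when trimPassword is true (the behaviour options 1-4
    // in the thread choose between).
    static Map<String, String> parse(List<String> lines, boolean trimPassword) {
        Map<String, String> result = new LinkedHashMap<>();
        for (String line : lines) {
            if (line.trim().isEmpty()) {
                continue; // assumption: blank lines are ignored
            }
            // Limit of 2 splits on the first '=' only, so a password that
            // itself contains '=' is kept whole.
            String[] parts = line.split("=", 2);
            if (parts.length != 2) {
                // Do not echo the line: it may hold a password.
                throw new IllegalArgumentException("missing '=' delimiter");
            }
            String token = parts[0].trim();
            String password = trimPassword ? parts[1].trim() : parts[1];
            result.put(token, password);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample input, not real credentials.
        List<String> lines = List.of(
            " internal = pa=ss word  ",
            "hsm=\tsecret");
        for (boolean trim : new boolean[] {true, false}) {
            System.out.println("trimPassword=" + trim);
            parse(lines, trim).forEach((t, p) ->
                System.out.println("  [" + t + "] -> [" + p + "] length " + p.length()));
        }
    }
}
```

With trimming on, the first password is `pa=ss word` (10 characters); with trimming off it keeps its leading space and two trailing spaces (13 characters), which is the difference a user with an intentionally padded password would hit.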