openhab / openhab-core

Core framework of openHAB
https://www.openhab.org/
Eclipse Public License 2.0

MainUI admin password length is limited to 10 characters #3327

Closed sphery closed 1 year ago

sphery commented 1 year ago

In short, the MainUI admin password, when specified in the web interface at initial configuration or in Karaf console, using jaas:add-user, is limited to 10 characters and ignores any further characters specified. When logging in, specifying the greater-than-10-character password will result in a login failure, but specifying only the first 10 characters of the password specified at user creation will allow login.

As described at https://community.openhab.org/t/mainui-admin-password-length-is-limited-to-10-characters/143646 , I created my MainUI admin user and password after installing openHAB 3 using the web interface. When doing so, I specified an 18-character password. When I needed to log back in, the 18-character password I specified didn't work, so I attempted to change it in Karaf console by deleting and re-creating the user. When submitting the jaas:add-user command, the first 10 characters of the password were starred out, and the rest appeared as typed. Again, trying to log in with the 18-character password failed, but when I submitted only the first 10 characters as the password, login succeeded.

I'm not sure if this is a desired limitation on password length, a limitation in Karaf, or an artifact of openHAB's or Karaf's use of JAAS callbacks, or just something that hadn't been noticed before. If it is intentional or a limitation imposed on openHAB by Karaf or whatever, it would be good to document it at https://www.openhab.org/docs/tutorial/first_steps.html#create-the-admin-user and, ideally, enforce it with the UI and matching length limitations. Otherwise, ideally, openHAB would support longer passwords for the MainUI admin user.

openhab-bot commented 1 year ago

This issue has been mentioned on openHAB Community. There might be relevant details there:

https://community.openhab.org/t/mainui-admin-password-length-is-limited-to-10-characters/143646/3

sphery commented 1 year ago

Please disregard this report. My testing was invalid. I didn't vary the password enough. It turned out that it was actually using unescaped special characters in the Karaf console that caused the problem with the 10-character limit (the 11th character needed escaping). Since you can encapsulate the password in quotes in the console, this isn't really a problem once you figure out that you can/how to do so.

I've been unable to see any issues when using the web UI to create an initial admin user with any of the special characters I've tried. So at this point, I'll have to assume it was a combination of having the password wrong when trying to log in initially, and then specifying the password incorrectly when changing it using Karaf console.
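The closing comment above attributes the apparent 10-character limit to an unescaped special character at position 11 of a password typed into the Karaf console. The script below is an added example, not part of the issue thread or of openHAB/Karaf; it reproduces the effect with POSIX sh standing in for Karaf's Gogo console (which has its own metacharacter set but the same basic rule: unquoted metacharacters are interpreted, quoted ones are passed through). `record_password`, `typed` and the 18-character password `abcdefghij$klmnopq` are constructed for the demonstration; the `$` is the 11th character.

```shell
#!/bin/sh
# Stand-in for a console command such as user-add: it simply returns the
# password argument exactly as the shell delivered it (constructed helper).
record_password() {
    # $1 = user name, $2 = password after shell parsing
    printf '%s' "$2"
}

# Feed a "typed" command line through the shell's own parser, which is what
# a console does with every line you enter.
typed() {
    eval "$1"
}

# Constructed 18-character password; the 11th character is '$', which an
# unquoted shell treats as the start of a variable expansion.
PASSWORD='abcdefghij$klmnopq'

# Unquoted: $klmnopq is expanded (unset, so empty) and only 10 characters arrive.
unquoted_result() {
    typed "record_password admin $PASSWORD"
}

# Single-quoted: no expansion, all 18 characters arrive intact.
quoted_result() {
    typed "record_password admin '$PASSWORD'"
}

# Backslash-escaping just the offending character also works.
escaped_result() {
    typed 'record_password admin abcdefghij\$klmnopq'
}

# Length of a string, so the truncation is visible as a number.
length_of() {
    printf '%d' "${#1}"
}

echo "unquoted: $(unquoted_result) ($(length_of "$(unquoted_result)") chars)"
echo "quoted:   $(quoted_result) ($(length_of "$(quoted_result)") chars)"
echo "escaped:  $(escaped_result) ($(length_of "$(escaped_result)") chars)"
```

The unquoted form stores a 10-character password without any error, which is exactly the symptom reported: the full password later fails to log in while its first 10 characters succeed. Wrapping the password in single quotes (or escaping each metacharacter) is the practical fix whenever a password is set from a console rather than a form field.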