<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">Everyone,<br>
<br>
It occurs to me that I should mention the following regarding this
patch - it has been written such that it trims all leading and
trailing white space from the password when read in from a file (a
somewhat controversial subject).<br>
<br>
As I see it, we have four options:<br>
<ol>
<li>we could just go with a policy of always trimming white
space from the password (as reflected by this patch),<br>
</li>
<li>we could easily change the code to not trim white space from
passwords, or</li>
<li>we could add an optional boolean flag (e. g. - "--pristine"
or "--pristine-password") that, when specified, causes white
space on passwords to not be trimmed (default is to trim white
space), or</li>
<li>we could add an optional boolean flag (e. g. - "--trim" or
"--trim-password") that, when specified, causes white space on
passwords to be trimmed (default is not to trim white space).<br>
</li>
</ol>
<p>If this is changed, both the code and the man page Caveat needs
to be updated to reflect this decision (leading/trailing
whitespace will continue to always be trimmed from any specified
'token').<br>
</p>
<p>I know that there are several schools of thought on this, so I
would like to obtain a consensus opinion on this (if there is
too much disagreement, I will implement option (3) above and be
done with it).<br>
</p>
<p>Thanks,<br>
-- Matt<br>
</p>
On 08/07/14 21:20, Matthew Harmsen wrote:<br>
</div>
<blockquote cite="mid:53E4500D.7030505@redhat.com" type="cite">
<meta http-equiv="content-type" content="text/html;
charset=ISO-8859-1">
<tt>Please review the attached patch (revised) which implements
alternative CLI password methods to address the following PKI
TRAC ticket:</tt><tt><br>
</tt><tt> </tt><tt> </tt>
<ul>
<li><tt><a moz-do-not-send="true"
href="https://fedorahosted.org/pki/ticket/555">PKI TRAC
Ticket #555 - Other ways to specify CLI password</a></tt></li>
</ul>
<tt>This revised patch attempts to address most of the comments to
the previous patch including:</tt><tt><br>
</tt><tt> </tt>
<ul>
<li><tt>made numerous man page changes</tt></li>
<li><tt>camelCased method names<br>
</tt></li>
<li><tt>changed the password routine to utilize the '='
delimiter rather than the ':' delimiter (more appropriate
for Java)</tt><tt><br>
</tt> </li>
<li><tt>consolidated the two password file routines into a
single routine which supports 'token=password' format (as
well as documenting and providing man page examples for how
to utilize this style of file with a simple password)</tt></li>
<li><tt>removed all warning messages from the password routine<br>
</tt></li>
<li><tt>utilized suggestions to improve the password routine
including replacing the use of the StringUtils.split()
method with the String.split() method using a regex </tt></li>
<li><tt>rewrote password routine to handle passwords that
contained the delimiter as a part of the password</tt><tt><br>
</tt> </li>
<li><tt>ditched 'DRM'<br>
</tt></li>
<li><tt>removed consolidated error messages and exited
immediately<br>
</tt></li>
<li><tt>removed the '-y' option<br>
</tt></li>
<li><tt>moved password prompting under the control of the pki
CLI program for both basic and client authentication<br>
</tt></li>
<li><tt>removed previous changes to URI/URL<br>
</tt></li>
<li><tt>removed previous changes to subsystem type</tt></li>
<li><tt>added mutual exclusive test for "-n" (client
authentication) vs. "-u" (basic authentication) options</tt></li>
<li><tt>added mutual dependency tests as needed</tt></li>
</ul>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">_______________________________________________
Pki-devel mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-devel@redhat.com">Pki-devel@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-devel">https://www.redhat.com/mailman/listinfo/pki-devel</a></pre>
</blockquote>
<br>
</body>
</html>