[Pki-devel] [Patch] Alternative CLI password methods (revised 20140807)

Matthew Harmsen mharmsen at redhat.com
Fri Aug 8 18:33:23 UTC 2014


Everyone,

It occurs to me that I should mention the following regarding this patch 
- it has been written such that it trims all leading and trailing white 
space from the password when read in from a file (a somewhat 
controversial subject).

As I see it, we have four options:

 1. we could just go with a policy of always trimming white space from
    the password (as reflected by this patch),
 2. we could easily change the code to not trim white space from
    passwords, or
 3. we could add an optional boolean flag (e.g., "--pristine" or
    "--pristine-password") that, when specified, causes white space on
    passwords to not be trimmed (default is to trim white space), or
 4. we could add an optional boolean flag (e.g., "--trim" or
    "--trim-password") that, when specified, causes white space on
    passwords to be trimmed (default is not to trim white space).

If this is changed, both the code and the man page Caveat need to be 
updated to reflect this decision (leading/trailing whitespace will 
continue to always be trimmed from any specified 'token').

I know that there are several schools of thought on this, so I would 
like to obtain a consensus opinion on this (if there is too much 
disagreement, I will implement option (3) above and be done with it).

Thanks,
-- Matt

On 08/07/14 21:20, Matthew Harmsen wrote:
> Please review the attached patch (revised) which implements 
> alternative CLI password methods to address the following PKI TRAC ticket:
>
>   * PKI TRAC Ticket #555 - Other ways to specify CLI password
>     <https://fedorahosted.org/pki/ticket/555>
>
> This revised patch attempts to address most of the comments to the 
> previous patch including:
>
>   * made numerous man page changes
>   * camelCased method names
>   * changed the password routine to utilize the '=' delimiter rather
>     than the ':' delimiter (more appropriate for Java)
>   * consolidated the two password file routines into a single routine
>     which supports 'token=password' format (as well as documenting and
>     providing man page examples for how to utilize this style of file
>     with a simple password)
>   * removed all warning messages from the password routine
>   * utilized suggestions to improve the password routine including
>     replacing the use of the StringUtils.split() method with the
>     String.split() method using a regex
>   * rewrote password routine to handle passwords that contained the
>     delimiter as a part of the password
>   * ditched 'DRM'
>   * removed consolidated error messages and exited immediately
>   * removed the '-y' option
>   * moved password prompting under the control of the pki CLI program
>     for both basic and client authentication
>   * removed previous changes to URI/URL
>   * removed previous changes to subsystem type
>   * added mutually exclusive test for "-n" (client authentication) vs.
>     "-u" (basic authentication) options
>   * added mutual dependency tests as needed
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
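
The trimming question raised in this thread, shown as an added Java example (it is not code from the attached patch): it parses 'token=password' lines, keeps any further '=' as part of the password, always trims the token, and trims the password only when asked. The class name, method name, sample tokens and the handling of a line without '=' are assumptions made for this example.

```java
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

// Added illustration; PasswordFileDemo and parse() are hypothetical names.
public class PasswordFileDemo {

    // Parse 'token=password' lines. Splitting with a limit of 2 means only the
    // first '=' is treated as the delimiter, so a password may contain '='.
    static Map<String, String> parse(List<String> lines, boolean trimPassword) {
        Map<String, String> result = new LinkedHashMap<>();
        for (String line : lines) {
            if (line.trim().isEmpty()) {
                continue; // skip blank lines
            }
            String[] parts = line.split("=", 2);
            if (parts.length != 2) {
                // Assumption of this example: a line without '=' is rejected.
                // The message omits the line so no password reaches logs.
                throw new IllegalArgumentException("missing '=' delimiter");
            }
            String token = parts[0].trim(); // the token is always trimmed
            String password = trimPassword ? parts[1].trim() : parts[1];
            result.put(token, password);
        }
        return result;
    }

    public static void main(String[] args) {
        // Constructed sample input: the first password contains '=', the
        // second has leading and trailing spaces around token and password.
        List<String> lines = Arrays.asList(
            "internal=abc=123",
            " hardware-token =  secret with spaces  ");

        // Print each password in brackets with its length so the effect of
        // trimming is visible for both policies.
        for (boolean trim : new boolean[] {true, false}) {
            System.out.println("trimPassword=" + trim);
            parse(lines, trim).forEach((token, pw) ->
                System.out.println("  " + token + " -> [" + pw + "] length " + pw.length()));
        }
    }
}
```

With trimming enabled the second password is 18 characters long; with trimming disabled it is 22, so a password that was set with surrounding spaces only authenticates under the non-trimming policy.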
