In EAP 6, the add-user utility rejected passwords that didn't meet specific strength criteria. In EAP 7, such passwords are accepted with a warning.
This is a behavioral change that should probably be mentioned in the Migration Guide. On the other hand, the change is "backwards compatible", so one or two sentences max would be good enough.
I'd suggest adding a chapter under Chapter 6. Miscellaneous Changes, something like:
6.3. Changes to JBoss EAP Scripts
The add-user script rejected weak passwords in JBoss EAP 6. In JBoss EAP 7, weak passwords are accepted and a warning is issued. See https://access.qa.redhat.com/documentation/en/red-hat-jboss-enterprise-application-platform/version-7.0.beta/configuration-guide/#setting_add_user_password_restrictions for information how to reconfigure this policy.
See JBEAP-1094 for more details.
- relates to
-
JBEAP-1094 Add-user script should reject weak passwords
- Closed