AWS res documentation change
Summary
Added documentation about secret format requirements for Active Directory service accounts, including username format restrictions and example image reference
Security assessment
The change clarifies proper credential formatting but does not address a specific security vulnerability. While credential management is security-adjacent, there's no evidence this change fixes an existing vulnerability or weakness.
Diff
diff --git a/res/latest/ug/prerequisites.md b/res/latest/ug/prerequisites.md index dcbeb9e32..e2969a513 100644 --- a//res/latest/ug/prerequisites.md +++ b//res/latest/ug/prerequisites.md @@ -190 +190,7 @@ When creating your Secret in the Secrets Manager, choose **Other type of secrets -If you choose Microsoft Active Directory (AD) as the identity source for RES, you have a Service Account in your AD that allows for programmatic access. You must pass a secret with the Service Account's credentials as part of your RES installation. The Service Account is responsible for the following functions: +If you choose Microsoft Active Directory (AD) as the identity source for RES, you have a Service Account in your AD that allows for programmatic access. You must pass a secret with the Service Account's credentials as part of your RES installation. The secret must have the format shown here. + + + +Also note that the `username` field doesn't support NT-style logon names of the format `DOMAIN\username`. + +The Service Account is responsible for the following functions: