[karaf] branch main updated: [KARAF-7114] Document how to enable karaf user (disabled for security reason)

Sat, 24 Apr 2021 22:11:31 -0700 

This is an automated email from the ASF dual-hosted git repository.

jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/karaf.git


The following commit(s) were added to refs/heads/main by this push:
     new 847a9c8  [KARAF-7114] Document how to enable karaf user (disabled for 
security reason)
     new 1b773e7  Merge pull request #1352 from jbonofre/KARAF-7114
847a9c8 is described below

commit 847a9c8dbfe9ca0c672be54c4da0427a8151f29e
Author: jbonofre <[email protected]>
AuthorDate: Sat Apr 24 17:26:47 2021 +0200

    [KARAF-7114] Document how to enable karaf user (disabled for security 
reason)
---
 manual/src/main/asciidoc/user-guide/monitoring.adoc | 11 +++++++++++
 manual/src/main/asciidoc/user-guide/remote.adoc     | 11 +++++++++++
 manual/src/main/asciidoc/user-guide/security.adoc   | 11 +++++++++++
 manual/src/main/asciidoc/user-guide/webconsole.adoc | 11 +++++++++++
 4 files changed, 44 insertions(+)

diff --git a/manual/src/main/asciidoc/user-guide/monitoring.adoc 
b/manual/src/main/asciidoc/user-guide/monitoring.adoc
index 3dd6bb6..019825d 100644
--- a/manual/src/main/asciidoc/user-guide/monitoring.adoc
+++ b/manual/src/main/asciidoc/user-guide/monitoring.adoc
@@ -37,6 +37,17 @@ The JMX layer uses the security framework, and so, by 
default, it uses the users
 
 You can change the port numbers of the JMX layer in the 
`etc/org.apache.karaf.management.cfg` configuration file.
 
+[NOTE]
+====
+For security reason, by default, `karaf` user is disabled. To allow the logon, 
you have to have an user. You can enable
+`karaf` user by uncommenting the user in `etc/users.properties`:
+
+----
+karaf = karaf,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
+----
+====
+
 ==== Configuration
 
 The Apache Karaf JMX management layer is configured in the 
`etc/org.apache.karaf.management.cfg` configuration file:
diff --git a/manual/src/main/asciidoc/user-guide/remote.adoc 
b/manual/src/main/asciidoc/user-guide/remote.adoc
index d00e1f1..3fb0475 100644
--- a/manual/src/main/asciidoc/user-guide/remote.adoc
+++ b/manual/src/main/asciidoc/user-guide/remote.adoc
@@ -19,6 +19,17 @@ More over, you can also browse, download, and upload files 
remotely to a running
 
 Apache Karaf embeds a complete SSHd server.
 
+[NOTE]
+====
+For security reason, by default, `karaf` user is disabled. To allow the logon, 
you have to have an user. You can enable
+`karaf` user by uncommenting the user in `etc/users.properties`:
+
+----
+karaf = karaf,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
+----
+====
+
 ==== SSHd server
 
 When you start Apache Karaf, it enables a remote console that can be accessed 
over SSH.
diff --git a/manual/src/main/asciidoc/user-guide/security.adoc 
b/manual/src/main/asciidoc/user-guide/security.adoc
index a0209cf..caa4ce1 100644
--- a/manual/src/main/asciidoc/user-guide/security.adoc
+++ b/manual/src/main/asciidoc/user-guide/security.adoc
@@ -28,6 +28,17 @@ The Apache Karaf security framework is used internally to 
control the access to:
 
 Your applications can also use the security framework (see the developer guide 
for details).
 
+[NOTE]
+====
+For security reason, by default, `karaf` user is disabled. To allow the logon, 
you have to have an user. You can enable
+`karaf` user by uncommenting the user in `etc/users.properties`:
+
+----
+karaf = karaf,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
+----
+====
+
 ==== Realms
 
 Apache Karaf is able to manage multiple realms. A realm contains the 
definition of the login modules to use for the
diff --git a/manual/src/main/asciidoc/user-guide/webconsole.adoc 
b/manual/src/main/asciidoc/user-guide/webconsole.adoc
index 7eab902..2f05036 100644
--- a/manual/src/main/asciidoc/user-guide/webconsole.adoc
+++ b/manual/src/main/asciidoc/user-guide/webconsole.adoc
@@ -59,6 +59,17 @@ See the link:security[Security section] for details.
 
 [NOTE]
 ====
+For security reason, by default, `karaf` user is disabled. To allow the logon, 
you have to have an user. You can enable
+`karaf` user by uncommenting the user in `etc/users.properties`:
+
+----
+karaf = karaf,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
+----
+=====
+
+[NOTE]
+====
 By default, only users with the `admin` role are allowed to logon to the 
Apache Karaf WebConsole.
 Right now, the WebConsole doesn't use RBAC system as we have for console 
commands, or MBeans.
 ====

Reply via email to