Hi Justin, On Sat, Jan 25, 2014 at 8:08 PM, Justin Edelson <jus...@justinedelson.com> wrote: >... >http://svn.apache.org/repos/asf/sling/trunk/bundles/extensions/healthcheck/support/src/main/java/org/apache/sling/hc/support/impl/DefaultLoginsHealthCheck.java > all say that this tests that the referenced accounts are "disabled" in > a production system. > > But AFAICT, this isn't actually the case. This test checks that a set > of credentials doesn't work. The test could fail because the account > is disabled OR because the password is incorrect - this check doesn't > differentiate cause....
You are correct, of course, the DefaultLoginsHealthCheck only checks that a login fails with specific credentials. Said credentials shouldn't be precious as they are not encrypted in the config. > > I'm happy to correct this, but could someone let me know the true > intention?... A typical use case is to verify that the admin:admin login fails on a production system. Feel free to rephrase the javadocs and metatype info to better express what this does, thanks! -Bertrand