[ 
https://issues.apache.org/jira/browse/SLING-6219?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15695408#comment-15695408
 ] 

Bertrand Delacretaz commented on SLING-6219:
--------------------------------------------

I have added a warning in http://svn.apache.org/r1771262 when a user is created 
with a plain text password: _Creating user {} with cleartext password - should 
NOT be used on production systems_

No warning if the password is not specified (in which case I suppose the user 
can only be used via impersonation?)

Note that until JCR-4050 is implemented, creating users with encoded/hashed 
passwords is not supported; that would need changes in the {{UserVisitor}} 
class that I just modified + corresponding tests.

> Allow to create users with repoinit
> -----------------------------------
>
>                 Key: SLING-6219
>                 URL: https://issues.apache.org/jira/browse/SLING-6219
>             Project: Sling
>          Issue Type: New Feature
>          Components: JCR, Repoinit
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>             Fix For: Repoinit Parser 1.1.0, Repoinit JCR 1.1.0
>
>
> It seems it's not possible to create a user through the repoinit.
> This would be very useful for sample apps and testing. For example, the
> slingshot sample app currently needs an admin user to create the sample
> user accounts. And therefore slingshot needs to be in the whitelist for
> admin usage - which is not a good thing.
> I suggest we add:
> create user {name}
> create user {name} {password}
> delete user {name}
> If no pw is provided for create user, we create a random pw



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
