Please take a look at
http://docs.geoserver.org/stable/en/user/installation/upgrade.html
section "Obtaining a master password".
This algorithm works for upgrading from versions < 2.2 and for fresh
installations of 2.2.x. Since we have no migrated security directory in
2.2.x, a fresh installation will also trigger the security migration and
the result is always a randomly generated master password of 8 characters
stored in masterpw.info.
For versions 2.3.x, fresh installations will use an already migrated
security directory. To be consistent, I would like to generate a random
master password of 8 chars and store it into masterpw.info.
I dislike the idea of having a master password "geoserver". This password
should be reserved for the standard "admin" user.
Hope my idea becomes clearer :-)
2012/8/13 Justin Deoliveira <jdeol...@opengeo.org>
>
>
> On Mon, Aug 13, 2012 at 8:27 AM, Christian Mueller <mcrmc...@gmail.com> wrote:
>
>> Btw, it is not a good idea to have a keystore in the migrated security
>> directory. The default user group service uses encryption for passwords.
>> The key for encryption is stored in the key store. With a default keystore,
>> each geoserver installation would use the same secret key --> this is the
>> same as doing no encryption at all. The key store should be generated at
>> first time boot to ensure an individual encryption key for user passwords.
>> After the key is generated, we have to add the user "admin" with password
>> "geoserver" to the default user group service.
>>
>
> Right... what will happen now if a security config is migrated but no
> keystore exists? Anyways should be easy enough to create on demand.
>
>>
>> About the key store password "geoserver". I fear some confusion for our
>> users. We have a user admin with password geoserver and there is a second
>> password (master password == key store password) with the default value
>> "geoserver".
>
>
>> Your opinion?
>
>
> Not sure what you are asking here...
>
>>
>>
>> 2012/8/13 Andrea Aime <andrea.a...@geo-solutions.it>
>>
>>> On Sun, Aug 12, 2012 at 9:03 AM, Christian Mueller
>>> <mcrmc...@gmail.com> wrote:
>>>
>>>> I solved https://jira.codehaus.org/browse/GEOS-5256 on 2.2.x and
>>>> 2.3.x. The detailed concept is described in the user guide, section
>>>> "upgrading".
>>>>
>>>> Some thoughts about 2.3.x. I would like to have a migrated security
>>>> directory for fresh installations. The default master password would be
>>>> "geoserver". During startup, the security subsystem tries to open the key
>>>> store using "geoserver". If this is possible, the subsystem generates a new
>>>> master password and executes a master password change and creates a file
>>>> containing the new master password.
>>>>
>>>
>>> I'm +1 on having a migrated security directory on trunk.
>>>
>>> At the same time, I'm not sure about making changes to the default
>>> password if we find it's "geoserver". We are already warning the
>>> admin that the password is unsafe, but imho we should not replace the
>>> admin's will/judgement about changing it; it
>>> should not be something automatic.
>>>
>>> Cheers
>>> Andrea
>>>
>>> --
>>> ==
>>> Our support, Your Success! Visit http://opensdi.geo-solutions.it for
>>> more information.
>>> ==
>>>
>>> Ing. Andrea Aime
>>> @geowolf
>>> Technical Lead
>>>
>>> GeoSolutions S.A.S.
>>> Via Poggio alle Viti 1187
>>> 55054 Massarosa (LU)
>>> Italy
>>> phone: +39 0584 962313
>>> fax: +39 0584 962313
>>> mob: +39 339 8844549
>>>
>>> http://www.geo-solutions.it
>>> http://twitter.com/geosolutions_it
>>>
>>> -------------------------------------------------------
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Live Security Virtual Conference
>> Exclusive live event will cover all the ways today's security and
>> threat landscape has changed and how IT managers can respond. Discussions
>> will include endpoint security, mobile security and the latest in malware
>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>> _______________________________________________
>> Geoserver-devel mailing list
>> Geoserver-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/geoserver-devel
>>
>>
>
>
> --
> Justin Deoliveira
> OpenGeo - http://opengeo.org
> Enterprise support for open source geospatial.
>
>
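
The first-boot behaviour proposed in this thread (an individual key store per installation plus a random 8-character master password written to masterpw.info), as an added example that is not GeoServer's own code. Only masterpw.info and the password length come from the thread; the key store file name, key alias, JCEKS type, AES-128 key and password alphabet are assumptions made for illustration.

```java
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.*;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class FirstBootKeystore {
    // Assumed names: only "masterpw.info" appears in the thread.
    static final String KEYSTORE = "keystore.jceks", ALIAS = "usergroup-default-key";
    static final String ALPHABET = "ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789";

    static char[] randomPassword(int len) {
        SecureRandom rnd = new SecureRandom(); // CSPRNG, never java.util.Random
        char[] pw = new char[len];
        for (int i = 0; i < len; i++) pw[i] = ALPHABET.charAt(rnd.nextInt(ALPHABET.length()));
        return pw;
    }

    /** Creates the key store and masterpw.info only when no key store exists yet. */
    static byte[] initIfMissing(Path securityDir) throws Exception {
        Path ks = securityDir.resolve(KEYSTORE);
        if (Files.exists(ks)) return null; // already initialised: never overwrite a key
        char[] master = randomPassword(8);
        KeyGenerator gen = KeyGenerator.getInstance("AES");
        gen.init(128);
        SecretKey key = gen.generateKey(); // unique per installation
        KeyStore store = KeyStore.getInstance("JCEKS");
        store.load(null, master); // start from an empty key store
        store.setEntry(ALIAS, new KeyStore.SecretKeyEntry(key), new KeyStore.PasswordProtection(master));
        try (OutputStream out = Files.newOutputStream(ks, StandardOpenOption.CREATE_NEW)) {
            store.store(out, master);
        }
        Path info = securityDir.resolve("masterpw.info");
        // Create the file owner-only before writing, so the password is never world-readable.
        try { Files.createFile(info, PosixFilePermissions.asFileAttribute(PosixFilePermissions.fromString("rw-------"))); }
        catch (UnsupportedOperationException e) { Files.createFile(info); } // non-POSIX file system
        Files.write(info, new String(master).getBytes(StandardCharsets.UTF_8));
        Arrays.fill(master, '\0');
        return key.getEncoded(); // returned only so the demo below can compare installations
    }

    public static void main(String[] args) throws Exception {
        byte[] a = initIfMissing(Files.createTempDirectory("install-a"));
        byte[] b = initIfMissing(Files.createTempDirectory("install-b"));
        System.out.println("keys differ per installation: " + !Arrays.equals(a, b));
    }
}
```

A key store shipped inside the default data directory would make `a` and `b` identical on every installation, which is the case described above as equivalent to no encryption.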