Admin user account user lockout via Webdav only?
------------------------------------------------
Key: MRM-800
URL: http://jira.codehaus.org/browse/MRM-800
Project: Archiva
Issue Type: Bug
Components: Users/Security
Affects Versions: 1.0
Reporter: Paul Smith
We've setup Archiva fairly basically here. Out of the box unpack, no
additional users, so pretty much the admin user does everything.
So, we setup the admin user with a simple password. If someone however uses
Maven to attempt to deploy using this account, but has the admin password
wrong, it appears even after just one attempt, the admin user account is
locked. We cannot even login to the web page anymore let alone deploy. We
have been forced to trash the user/database directory and restart archiva and
reissue a new password.
What is totally bizarre is that despite repeated attempts to enter incorrect
password details into the login page of Archiva I can't get it to trip this
same behaviour. It's as if only during the Maven deploy stage (which goes
through the WebDAV connector presumably) does this behaviour exhibit itself.
Of course getting the password reset then causes further problems because the
when you try to get everyone to update their local Maven settings.xml, if one
person forgets and tries to deploy, then the admin account is locked again, and
we go through the whole cycle once more.
Fits more in annoying side, just can't work out why this lockout happens only
in deploy mode. I can't see anything in the logs either about this account of
interest.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
