[
http://jira.codehaus.org/browse/MRM-800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brett Porter updated MRM-800:
-----------------------------
Fix Version/s: 1.1
I think this might be corrected already in 1.1. We should verify - if not, it
might be scheduled for 1.1.x, but it's important to get sorted out.
> Admin user account user lockout via Webdav only?
> ------------------------------------------------
>
> Key: MRM-800
> URL: http://jira.codehaus.org/browse/MRM-800
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security
> Affects Versions: 1.0
> Reporter: Paul Smith
> Fix For: 1.1
>
>
> We've setup Archiva fairly basically here. Out of the box unpack, no
> additional users, so pretty much the admin user does everything.
> So, we setup the admin user with a simple password. If someone however uses
> Maven to attempt to deploy using this account, but has the admin password
> wrong, it appears even after just one attempt, the admin user account is
> locked. We cannot even login to the web page anymore let alone deploy. We
> have been forced to trash the user/database directory and restart archiva and
> reissue a new password.
> What is totally bizarre is that despite repeated attempts to enter incorrect
> password details into the login page of Archiva I can't get it to trip this
> same behaviour. It's as if only during the Maven deploy stage (which goes
> through the WebDAV connector presumably) does this behaviour exhibit itself.
> Of course getting the password reset then causes further problems because the
> when you try to get everyone to update their local Maven settings.xml, if one
> person forgets and tries to deploy, then the admin account is locked again,
> and we go through the whole cycle once more.
> Fits more in annoying side, just can't work out why this lockout happens only
> in deploy mode. I can't see anything in the logs either about this account
> of interest.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
