[jira] Closed: (MRM-800) Admin user account user lockout via Webdav only?

Tue, 01 Jul 2008 22:33:57 -0700 

     [ 
http://jira.codehaus.org/browse/MRM-800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

James William Dumay closed MRM-800.
-----------------------------------

    Resolution: Cannot Reproduce

Thanks for reporting this issue Paul.

I tried reproducing with the instructions you provided but due to the changes 
in the WebDav layer of Archiva this issue is not present in the up coming 1.1 
release. 

Thanks
James

> Admin user account user lockout via Webdav only?
> ------------------------------------------------
>
>                 Key: MRM-800
>                 URL: http://jira.codehaus.org/browse/MRM-800
>             Project: Archiva
>          Issue Type: Bug
>          Components: Users/Security
>    Affects Versions: 1.0
>            Reporter: Paul Smith
>            Assignee: James William Dumay
>             Fix For: 1.1
>
>
> We've setup Archiva fairly basically here.  Out of the box unpack, no 
> additional users, so pretty much the admin user does everything.
> So, we setup the admin user with a simple password.  If someone however uses 
> Maven to attempt to deploy using this account, but has the admin password 
> wrong, it appears even after just one attempt, the admin user account is 
> locked.  We cannot even login to the web page anymore let alone deploy.  We 
> have been forced to trash the user/database directory and restart archiva and 
> reissue a new password.
> What is totally bizarre is that despite repeated attempts to enter incorrect 
> password details into the login page of Archiva I can't get it to trip this 
> same behaviour. It's as if only during the Maven deploy stage (which goes 
> through the WebDAV connector presumably) does this behaviour exhibit itself.
> Of course getting the password reset then causes further problems because the 
> when you try to get everyone to update their local Maven settings.xml, if one 
> person forgets and tries to deploy, then the admin account is locked again, 
> and we go through the whole cycle once more.
> Fits more in annoying side, just can't work out why this lockout happens only 
> in deploy mode.  I can't see anything in the logs either about this account 
> of interest.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: 
http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to