Benjamin Heasly created MRM-1912:
------------------------------------
Summary: Guest password should never be reset
Key: MRM-1912
URL: https://issues.apache.org/jira/browse/MRM-1912
Project: Archiva
Issue Type: Bug
Components: redback, Users/Security, Web Interface
Affects Versions: 2.2.0
Environment: AWS, EC2, ECS, Docker, Ubuntu
Reporter: Benjamin Heasly

This is an experience report from a user.

I stood up a new Archiva instance about 90 days ago. As per default security
configuration, user passwords began to expire recently.

It seems that even the guest account has expired. As a result, guest access
is now 403 Forbidden.

Since the guest account is for anonymous access, and has no password, this
account probably should be exempt from password expiration. Is this a bug?

I can reset the guest password successfully, restoring access for this account.
However, I cannot reset to the empty password using the web interface. The
edit user form complains of the password field, "This field is required." Is
this also a bug?