[
https://issues.apache.org/jira/browse/MRM-1912?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Martin Stockhammer resolved MRM-1912.
-------------------------------------
Resolution: Cannot Reproduce
No response from requestor. Closing this issue.
> Guest password should never be reset
> -------------------------------------
>
> Key: MRM-1912
> URL: https://issues.apache.org/jira/browse/MRM-1912
> Project: Archiva
> Issue Type: Bug
> Components: redback, Users/Security, Web Interface
> Affects Versions: 2.2.0
> Environment: AWS, EC2, ECS, Docker, Ubuntu
> Reporter: Benjamin Heasly
> Priority: Major
> Labels: guest, password, security, ui
>
> This is an experience report from a user.
> I stood up a new Archiva instance about 90 days ago. As per default security
> configuration, user passwords began to expire recently.
> It seems that even the guest account has expired . As a result, guest access
> is now 403 Forbidden.
> Since the guest account is for anonymous access, and has no password, this
> account probably should be exempt from password expiration. Is this a bug?
> I can reset the guest password successfully, restoring access for this
> account. However, I cannot reset to the empty password using the web
> interface. The edit user form complains of the password field, "This field
> is required." Is this also a bug?
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
