[ https://issues.apache.org/jira/browse/KARAF-3366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17309629#comment-17309629 ]

Freeman Yue Fang commented on KARAF-3366:
-----------------------------------------

I think by default we should ship KARAF_HOME/etc/users.properties like
{code}
#karaf = karaf,_g_:admingroup
#_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
{code}
So we disable the well-known default user, and this means we actually disable 
the remote access. Anyone who wants the remote access must explicitly edit 
KARAF_HOME/etc/users.properties first. This can make the default Karaf kit more 
secure.

Freeman

> Generate a non-default password on first startup
> ------------------------------------------------
>
>                 Key: KARAF-3366
>                 URL: https://issues.apache.org/jira/browse/KARAF-3366
>             Project: Karaf
>          Issue Type: Wish
>          Components: karaf
>    Affects Versions: 3.0.2
>            Reporter: Robert Varga
>            Priority: Major
>
> In OpenDaylight we rely on Karaf as our pre-packaged download, which has the 
> slight caveat that non-customized downloads can easily be vulnerable if users 
> enable ssh with the default password.
> It would be nice if the startup script could generate a random password for 
> root, so the installation is secure by default. Not sure what the impact will 
> be on usability, though.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
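
An added example, not part of the original message and not Karaf project code: a small audit of etc/users.properties that reports any active (uncommented) account whose password is its own username or a known default, with its group memberships expanded into roles. The two sample inputs are constructed from the lines in the comment above (with and without the leading '#'); the function names and the known_defaults parameter are assumptions made for this example.

```python
# Constructed samples in the users.properties format quoted in the comment.
ACTIVE_DEFAULT = """\
karaf = karaf,_g_:admingroup
_g_\\:admingroup = group,admin,manager,viewer,systembundles,ssh
"""
PROPOSED_DEFAULT = """\
#karaf = karaf,_g_:admingroup
#_g_\\:admingroup = group,admin,manager,viewer,systembundles,ssh
"""


def parse_users(text):
    """Return (users, groups) built from the active, uncommented lines only."""
    users, groups = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("#", "!")):
            continue  # blank line or properties comment: entry is disabled
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip().replace("\\:", ":")  # undo the properties escape
        fields = [f.strip() for f in value.split(",")]
        if key.startswith("_g_:"):
            groups[key] = fields[1:]  # first field is the literal "group"
        else:
            users[key] = (fields[0], fields[1:])  # (password, memberships)
    return users, groups


def audit(text, known_defaults=("karaf",)):
    """List (user, roles) for accounts still using a default password."""
    users, groups = parse_users(text)
    findings = []
    for name, (password, memberships) in users.items():
        if password != name and password not in known_defaults:
            continue
        roles = set()
        for member in memberships:
            roles.update(groups.get(member, [member]))  # expand group to roles
        findings.append((name, sorted(roles)))
    return findings


if __name__ == "__main__":
    for label, sample in (("active", ACTIVE_DEFAULT), ("proposed", PROPOSED_DEFAULT)):
        print(label, audit(sample))
```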
