Re: Authentication handler
It's a SHA-256 hash since the changes for FELIX-4299 were committed[0].

Regards
Julian

[0] https://github.com/apache/felix/commit/22e313eadf4dc323a1ed364f20f3fb4dfc1f6791

On Tue, Oct 4, 2016 at 5:54 PM, Rob Ryan wrote:

> Does the webconsole authentication store the password hashed or plaintext?
>
> -Rob
>
> On 10/4/16, 8:22 AM, "Stefan Seifert" wrote:
>
> when the repository is up and running the repository authentication is used for web console as well.
> but during startup phase, or when the repository is down/unavailable the authentication built into the web console itself takes place.
>
> you need to change the admin password in the osgi config "Apache Felix OSGi Management Console" as well. esp. on production systems or you have a security leak if the repository is not available for whatever reason.
>
> stefan
>
> >-Original Message-
> >From: Roy Teeuwen [mailto:r...@teeuwen.be]
> >Sent: Tuesday, October 4, 2016 4:45 PM
> >To: users@sling.apache.org
> >Subject: Authentication handler
> >
> >Hey all,
> >
> >When starting up our sling instance, if you go to /system/console in the
> >VERY beginning (like 1-3 seconds after doing a startup), it is possible to
> >log in with admin/admin, even when the admin password has been changed to
> >something else.
> >What bundle has to come active for this hardcoded default login not to work
> >anymore?
> >
> >Greetings,
> >Roy
Re: Authentication handler
Does the webconsole authentication store the password hashed or plaintext?

-Rob

On 10/4/16, 8:22 AM, "Stefan Seifert" wrote:

when the repository is up and running the repository authentication is used for web console as well.
but during startup phase, or when the repository is down/unavailable the authentication built into the web console itself takes place.

you need to change the admin password in the osgi config "Apache Felix OSGi Management Console" as well. esp. on production systems or you have a security leak if the repository is not available for whatever reason.

stefan

>-Original Message-
>From: Roy Teeuwen [mailto:r...@teeuwen.be]
>Sent: Tuesday, October 4, 2016 4:45 PM
>To: users@sling.apache.org
>Subject: Authentication handler
>
>Hey all,
>
>When starting up our sling instance, if you go to /system/console in the
>VERY beginning (like 1-3 seconds after doing a startup), it is possible to
>log in with admin/admin, even when the admin password has been changed to
>something else.
>What bundle has to come active for this hardcoded default login not to work
>anymore?
>
>Greetings,
>Roy
Re: Authentication handler
Hey Stefan,

Thanks! Exactly what I was looking for then ;)

Greets,
Roy

> On 4 Oct 2016, at 17:22, Stefan Seifert wrote:
>
> when the repository is up and running the repository authentication is used for web console as well.
> but during startup phase, or when the repository is down/unavailable the authentication built into the web console itself takes place.
>
> you need to change the admin password in the osgi config "Apache Felix OSGi Management Console" as well. esp. on production systems or you have a security leak if the repository is not available for whatever reason.
>
> stefan
>
>> -Original Message-
>> From: Roy Teeuwen [mailto:r...@teeuwen.be]
>> Sent: Tuesday, October 4, 2016 4:45 PM
>> To: users@sling.apache.org
>> Subject: Authentication handler
>>
>> Hey all,
>>
>> When starting up our sling instance, if you go to /system/console in the
>> VERY beginning (like 1-3 seconds after doing a startup), it is possible to
>> log in with admin/admin, even when the admin password has been changed to
>> something else.
>> What bundle has to come active for this hardcoded default login not to work
>> anymore?
>>
>> Greetings,
>> Roy
RE: Authentication handler
when the repository is up and running the repository authentication is used for web console as well.
but during startup phase, or when the repository is down/unavailable the authentication built into the web console itself takes place.

you need to change the admin password in the osgi config "Apache Felix OSGi Management Console" as well. esp. on production systems or you have a security leak if the repository is not available for whatever reason.

stefan

>-Original Message-
>From: Roy Teeuwen [mailto:r...@teeuwen.be]
>Sent: Tuesday, October 4, 2016 4:45 PM
>To: users@sling.apache.org
>Subject: Authentication handler
>
>Hey all,
>
>When starting up our sling instance, if you go to /system/console in the
>VERY beginning (like 1-3 seconds after doing a startup), it is possible to
>log in with admin/admin, even when the admin password has been changed to
>something else.
>What bundle has to come active for this hardcoded default login not to work
>anymore?
>
>Greetings,
>Roy
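
An audit check for the point made in this thread, added here as an example and not taken from the thread or from Felix/Sling code: given the web console `password` value of each instance, it flags the ones where the built-in fallback login is still admin/admin or is stored in plaintext. It assumes the hashed form is `{sha-256}` followed by the base64 digest and that an unset value means the built-in default applies; the instance names and sample values are constructed.

```python
import base64
import hashlib
import re

# Assumption: a hashed value looks like "{sha-256}<base64 digest>"; a value
# without a "{algorithm}" prefix is a password stored in plaintext.
HASHED = re.compile(r"^\{([A-Za-z0-9-]+)\}(.+)$")

def stored_form(password):
    """Build the assumed hashed form of a password (used for the samples)."""
    digest = hashlib.sha256(password.encode("utf-8")).digest()
    return "{sha-256}" + base64.b64encode(digest).decode("ascii")

def matches_password(stored, candidate):
    """True if the stored config value corresponds to the candidate password."""
    m = HASHED.match(stored)
    if m is None:
        return stored == candidate  # plaintext value
    algorithm = m.group(1).lower().replace("-", "")  # "sha-256" -> "sha256"
    try:
        digest = hashlib.new(algorithm, candidate.encode("utf-8")).digest()
    except (ValueError, TypeError):  # algorithm hashlib cannot use this way
        return False
    return base64.b64encode(digest).decode("ascii") == m.group(2)

def classify(stored):
    """Classify the web console 'password' property of one instance."""
    if not stored:
        return "unset"      # assumption: the built-in default login applies
    if matches_password(stored, "admin"):
        return "default"    # admin/admin works whenever the repository is down
    if HASHED.match(stored) is None:
        return "plaintext"  # changed, but readable by anyone who can read the config
    return "hashed"

# Constructed sample values, one per instance (hypothetical instance names).
SAMPLE = {
    "author-1": None,
    "author-2": "admin",
    "publish-1": stored_form("admin"),
    "publish-2": "changed-but-plain",
    "publish-3": stored_form("a long unique passphrase"),
}

def audit(instances):
    return {name: classify(value) for name, value in instances.items()}

if __name__ == "__main__":
    for name, verdict in audit(SAMPLE).items():
        print(f"{name}: {verdict}")
```

Only `hashed` is an acceptable result; `unset` and `default` mean the startup-window login described in the original question still succeeds.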