Hi there, we are using Karaf 3.0.1 and the default authentication with encrypted passwords for the console. According to the manual (and our own observations) the password in users.properties becomes encrypted when a client connects to the console for the first time.
If you start Karaf using bin/start and do not use a client to connect to the console, the password never becomes encrypted, which - in my opinion - is a security issue. As a workaround it is possible to store an already encrypted password in users.properties. Is it possible to encrypt the password when Karaf starts (instead of first client login)? Regards Jochen -- View this message in context: http://karaf.922171.n3.nabble.com/Password-encryption-when-Karaf-3-0-1-starts-tp4040432.html Sent from the Karaf - User mailing list archive at Nabble.com.
