It's a SHA-256 hash since the changes for FELIX-4299 were committed[0]. Regards Julian
[0] https://github.com/apache/felix/commit/22e313eadf4dc323a1ed364f20f3fb4dfc1f6791 On Tue, Oct 4, 2016 at 5:54 PM, Rob Ryan <[email protected]> wrote: > Does the webconsole authentication store the password hashed or plaintext? > > -Rob > > > On 10/4/16, 8:22 AM, "Stefan Seifert" <[email protected]> wrote: > > when the repository is up and running the repository authentication is > used for web console as well. > but during startup phase, or when the repository is down/unavailable the > authentication built into the web console itself takes place. > > you need to change the admin password in the osgi config "Apache Felix > OSGi Management Console" as well. esp. on production systems or you have a > security leak if the repository is not available for whatever reason. > > stefan > > >-----Original Message----- > >From: Roy Teeuwen [mailto:[email protected]] > >Sent: Tuesday, October 4, 2016 4:45 PM > >To: [email protected] > >Subject: Authentication handler > > > >Hey all, > > > >When starting up our sling instance, if you go to /system/console in the > >VERY beginning (like 1-3 seconds after doing a startup), it is possible > to > >log in with admin/admin, even when the admin password has been changed to > >something else. > >What bundle has to come active for this hardcoded default login not to > work > >anymore? > > > >Greetings, > >Roy > > >
