[MRM-1912] Guest password should never be reset - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Cannot Reproduce
Affects Version/s: 2.2.0
Fix Version/s: None
Component/s: redback, Users/Security, Web Interface
Labels:
- guest
- password
- security
- ui
Environment:
AWS, EC2, ECS, Docker, Ubuntu

Description

This is an experience report from a user.

I stood up a new Archiva instance about 90 days ago. As per default security configuration, user passwords began to expire recently.

It seems that even the guest account has expired . As a result, guest access is now 403 Forbidden.

Since the guest account is for anonymous access, and has no password, this account probably should be exempt from password expiration. Is this a bug?

I can reset the guest password successfully, restoring access for this account. However, I cannot reset to the empty password using the web interface. The edit user form complains of the password field, "This field is required." Is this also a bug?

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Benjamin Heasly

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 18/Feb/16 19:09

Updated:: 10/Mar/19 15:55

Resolved:: 10/Mar/19 15:55