From users-return-8218-apmail-continuum-users-archive=continuum.apache.org@continuum.apache.org Tue Dec 07 12:47:54 2010 Return-Path: Delivered-To: apmail-continuum-users-archive@www.apache.org Received: (qmail 20229 invoked from network); 7 Dec 2010 12:47:54 -0000 Received: from unknown (HELO mail.apache.org) (140.211.11.3) by 140.211.11.9 with SMTP; 7 Dec 2010 12:47:54 -0000 Received: (qmail 20570 invoked by uid 500); 7 Dec 2010 12:47:54 -0000 Delivered-To: apmail-continuum-users-archive@continuum.apache.org Received: (qmail 20364 invoked by uid 500); 7 Dec 2010 12:47:53 -0000 Mailing-List: contact users-help@continuum.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@continuum.apache.org Delivered-To: mailing list users@continuum.apache.org Received: (qmail 20356 invoked by uid 99); 7 Dec 2010 12:47:53 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Dec 2010 12:47:53 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=10.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of wsmoak@gmail.com designates 209.85.161.43 as permitted sender) Received: from [209.85.161.43] (HELO mail-fx0-f43.google.com) (209.85.161.43) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Dec 2010 12:47:45 +0000 Received: by fxm18 with SMTP id 18so1074413fxm.2 for ; Tue, 07 Dec 2010 04:47:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:mime-version:received:in-reply-to :references:from:date:message-id:subject:to:content-type; bh=fOk0bXsqG3IOANsIVICG71TvZPskUHBXWkwevoBgV+A=; b=CRwQHPJxIfZJdRLnnyQbajLHMnNl5uHfJyDn3WXffWBvp6TFRN8wRMLCnqy5XXCIoU 8QE6pzfIrJ84MLTXpXUEn4mwjoZ69BQuz8FX4Q/+9wiQofh5WMbvNLey8Iy/Wjo0Srj4 j4Azfu7pG8sEKOKNllibkeoOXV0RpGpGMAfaE= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :content-type; b=LQfRImtGwyD/X5VKmhQ/spPa/r9CCrGzpe1Lvpt4YYb/dDeirmwTI87AX30ICgyzE6 uqFt5htn4DB6Pj/kZ06pzhYrSh3tHuv1paR38JeoAit6fCElC5IaUrecLXl+BOdfHWvW 9+tkFzMVZr+wlNutMokkXSbd69Tyeh1uPsLsI= Received: by 10.223.70.194 with SMTP id e2mr7041391faj.128.1291726045018; Tue, 07 Dec 2010 04:47:25 -0800 (PST) MIME-Version: 1.0 Received: by 10.223.4.215 with HTTP; Tue, 7 Dec 2010 04:47:04 -0800 (PST) In-Reply-To: References: From: Wendy Smoak Date: Tue, 7 Dec 2010 07:47:04 -0500 Message-ID: Subject: Re: Unusual behavior on continuum/redback To: users@continuum.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org On Tue, Dec 7, 2010 at 5:33 AM, Louis Smith wrote: > However, if you enter a valid ID, and leave the password field blank - you > are logged on as that user with all their rights and access. What version of Continuum (and Redback) are you using? My 1.3.6-based instances don't behave this way. The configuration is in conf/security.properties. Perhaps some combination of the configurable options has allowed this. -- Wendy