Return-Path: X-Original-To: apmail-jackrabbit-users-archive@minotaur.apache.org Delivered-To: apmail-jackrabbit-users-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id CE62064E3 for ; Fri, 24 Jun 2011 17:39:47 +0000 (UTC) Received: (qmail 90006 invoked by uid 500); 24 Jun 2011 17:39:47 -0000 Delivered-To: apmail-jackrabbit-users-archive@jackrabbit.apache.org Received: (qmail 89971 invoked by uid 500); 24 Jun 2011 17:39:46 -0000 Mailing-List: contact users-help@jackrabbit.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: users@jackrabbit.apache.org Delivered-To: mailing list users@jackrabbit.apache.org Received: (qmail 89963 invoked by uid 99); 24 Jun 2011 17:39:46 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Jun 2011 17:39:46 +0000 X-ASF-Spam-Status: No, hits=-0.7 required=5.0 tests=FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RFC_ABUSE_POST,SPF_PASS,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of chadmichaeldavis@gmail.com designates 209.85.214.42 as permitted sender) Received: from [209.85.214.42] (HELO mail-bw0-f42.google.com) (209.85.214.42) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 24 Jun 2011 17:39:39 +0000 Received: by bwz18 with SMTP id 18so6112333bwz.1 for ; Fri, 24 Jun 2011 10:39:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:in-reply-to:references:date :message-id:subject:from:to:content-type; bh=zX4Rb942AsZwuY3o0fyOBu7CM0+GNG6TvGwZdBA+Lqw=; b=ELIKLASesdP80RDU+RhorUEuLfkDSGDx+KqINJ/J5kOicmBEVrpC8SENUnqLxNTe3Y DBypctjyh4POy8ahgGCQeJf6WW2+yCzcoHmjoP25dXEKwE93Sn+w7gsuUfAyZIfaHzLL LZFWze0N7B+GzfzwKy/Cz0dCgHM12DJ5TPYlQ= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=cEvtiu36pcq8lYs4gyFb4UiePS5SuhYiZBAgELD1wqTObdNKknHnlYXKH8P4Md+VyI 9imJ+ONWcR7ZREVX41gjkpMEd+2B9+0ztw+8/2Fk32YQhQlNWZL12r2wyujmbQ9kdIPL vHeYUmRYE8WknU0aGBTKXuXetIKNa8U826MAs= MIME-Version: 1.0 Received: by 10.204.22.12 with SMTP id l12mr2269883bkb.178.1308937158796; Fri, 24 Jun 2011 10:39:18 -0700 (PDT) Received: by 10.204.83.136 with HTTP; Fri, 24 Jun 2011 10:39:18 -0700 (PDT) In-Reply-To: <4E043AE3.2070703@adobe.com> References: <4E043AE3.2070703@adobe.com> Date: Fri, 24 Jun 2011 11:39:18 -0600 Message-ID: Subject: Re: Security Questions From: ChadDavis To: users@jackrabbit.apache.org Content-Type: text/plain; charset=ISO-8859-1 X-Virus-Checked: Checked by ClamAV on apache.org Thanks Angela! >> 3) how do you configure the passowrd for the default admin and >> anonymous users? > > the passwords cannot be configured. > as far as the anonymous is concerned: this authorizable represents > the user for 'guestlogin' (GuestCredentials) and login without any > credentials. > If you can't configure the password on the default admin credentials, how are you supposed to close that security gap. Is the default admin intended as a bootstrap admin id? Can you disable the admin user, and, if so, how?