karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Commented] (KARAF-3366) Generate a non-default password on first startup
Date Tue, 18 Nov 2014 09:38:34 GMT

    [ https://issues.apache.org/jira/browse/KARAF-3366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14215990#comment-14215990
] 

Jean-Baptiste Onofré commented on KARAF-3366:
---------------------------------------------

Good idea. It makes sense to prompt at bootstrap.

> Generate a non-default password on first startup
> ------------------------------------------------
>
>                 Key: KARAF-3366
>                 URL: https://issues.apache.org/jira/browse/KARAF-3366
>             Project: Karaf
>          Issue Type: Wish
>          Components: karaf-security
>    Affects Versions: 3.0.2
>            Reporter: Robert Varga
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 4.0.0, 3.0.3
>
>
> In OpenDaylight we rely on Karaf as our pre-packaged download, which has the slight caveat
that non-customized downloads can easily be vulnerable if users enable ssh with the default
password.
> It would be nice if the startup script could generate a random password for root, so
the installation is secure by default. Not sure what the impact will be on usability, though.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message