Posted to issues@karaf.apache.org by "Freeman Yue Fang (Jira)" <ji...@apache.org> on 2021/03/26 18:20:00 UTC

[jira] [Commented] (KARAF-3366) Generate a non-default password on first startup

    [ https://issues.apache.org/jira/browse/KARAF-3366?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17309629#comment-17309629 ] 

Freeman Yue Fang commented on KARAF-3366:
-----------------------------------------

I think by default we should ship KARAF_HOME/etc/users.properties like
{code}
#karaf = karaf,_g_:admingroup
#_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
{code}
So we disable the well-known default user, and this means we actually disable remote access. Anyone who wants remote access must explicitly edit KARAF_HOME/etc/users.properties first. This can make the default Karaf kit more secure.

Freeman

> Generate a non-default password on first startup
> ------------------------------------------------
>
>                 Key: KARAF-3366
>                 URL: https://issues.apache.org/jira/browse/KARAF-3366
>             Project: Karaf
>          Issue Type: Wish
>          Components: karaf
>    Affects Versions: 3.0.2
>            Reporter: Robert Varga
>            Priority: Major
>
> In OpenDaylight we rely on Karaf as our pre-packaged download, which has the slight caveat that non-customized downloads can easily be vulnerable if users enable ssh with the default password.
> It would be nice if the startup script could generate a random password for root, so the installation is secure by default. Not sure what the impact will be on usability, though.
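
A check for the condition discussed in this thread, as an added example that is not part of the original message or of Karaf's own code: it parses the text of etc/users.properties and reports active accounts whose password is the default or equals the user name. The `user = password,role...` line layout, the default password value `karaf`, the function names and the sample inputs are assumptions of this example.

```python
# Assumption: entries are "user = password[,role|_g_:group]..." and
# "_g_\:group = role[,role]..."; lines starting with '#' or '!' are comments.
DEFAULT_PASSWORD = "karaf"  # assumed password of the well-known default user

# Constructed sample: the two lines from the comment, left active.
ACTIVE_DEFAULT = r"""
karaf = karaf,_g_:admingroup
_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
"""

# Constructed sample: the same two lines commented out, as proposed above.
PROPOSED_DEFAULT = r"""
#karaf = karaf,_g_:admingroup
#_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
"""

def parse_users_properties(text):
    """Return (users, groups) built from the active (uncommented) entries."""
    users, groups = {}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key = key.strip().replace("\\:", ":")  # undo the escaped ':' in keys
        fields = [f.strip() for f in value.split(",") if f.strip()]
        if key.startswith("_g_:"):
            groups[key] = fields
        elif fields:
            users[key] = {"password": fields[0], "roles": fields[1:]}
    return users, groups

def audit(text):
    """List (user, reason, effective roles) for accounts with a guessable password."""
    users, groups = parse_users_properties(text)
    findings = []
    for name, entry in users.items():
        roles = set()
        for role in entry["roles"]:
            roles.update(groups.get(role, [role]))  # expand group membership
        if entry["password"] in (DEFAULT_PASSWORD, name):
            findings.append((name, "default-or-username password", sorted(roles)))
    return findings

if __name__ == "__main__":
    for label, sample in (("active", ACTIVE_DEFAULT), ("proposed", PROPOSED_DEFAULT)):
        print(label, audit(sample))
```
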


