You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@karaf.apache.org by jb...@apache.org on 2021/04/25 05:11:26 UTC
[karaf] branch main updated: [KARAF-7114] Document how to enable
karaf user (disabled for security reason)
This is an automated email from the ASF dual-hosted git repository.
jbonofre pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/karaf.git
The following commit(s) were added to refs/heads/main by this push:
new 847a9c8 [KARAF-7114] Document how to enable karaf user (disabled for security reason)
new 1b773e7 Merge pull request #1352 from jbonofre/KARAF-7114
847a9c8 is described below
commit 847a9c8dbfe9ca0c672be54c4da0427a8151f29e
Author: jbonofre <jb...@apache.org>
AuthorDate: Sat Apr 24 17:26:47 2021 +0200
[KARAF-7114] Document how to enable karaf user (disabled for security reason)
---
manual/src/main/asciidoc/user-guide/monitoring.adoc | 11 +++++++++++
manual/src/main/asciidoc/user-guide/remote.adoc | 11 +++++++++++
manual/src/main/asciidoc/user-guide/security.adoc | 11 +++++++++++
manual/src/main/asciidoc/user-guide/webconsole.adoc | 11 +++++++++++
4 files changed, 44 insertions(+)
diff --git a/manual/src/main/asciidoc/user-guide/monitoring.adoc b/manual/src/main/asciidoc/user-guide/monitoring.adoc
index 3dd6bb6..019825d 100644
--- a/manual/src/main/asciidoc/user-guide/monitoring.adoc
+++ b/manual/src/main/asciidoc/user-guide/monitoring.adoc
@@ -37,6 +37,17 @@ The JMX layer uses the security framework, and so, by default, it uses the users
You can change the port numbers of the JMX layer in the `etc/org.apache.karaf.management.cfg` configuration file.
+[NOTE]
+====
+For security reason, by default, `karaf` user is disabled. To allow the logon, you have to have an user. You can enable
+`karaf` user by uncommenting the user in `etc/users.properties`:
+
+----
+karaf = karaf,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
+----
+====
+
==== Configuration
The Apache Karaf JMX management layer is configured in the `etc/org.apache.karaf.management.cfg` configuration file:
diff --git a/manual/src/main/asciidoc/user-guide/remote.adoc b/manual/src/main/asciidoc/user-guide/remote.adoc
index d00e1f1..3fb0475 100644
--- a/manual/src/main/asciidoc/user-guide/remote.adoc
+++ b/manual/src/main/asciidoc/user-guide/remote.adoc
@@ -19,6 +19,17 @@ More over, you can also browse, download, and upload files remotely to a running
Apache Karaf embeds a complete SSHd server.
+[NOTE]
+====
+For security reason, by default, `karaf` user is disabled. To allow the logon, you have to have an user. You can enable
+`karaf` user by uncommenting the user in `etc/users.properties`:
+
+----
+karaf = karaf,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
+----
+====
+
==== SSHd server
When you start Apache Karaf, it enables a remote console that can be accessed over SSH.
diff --git a/manual/src/main/asciidoc/user-guide/security.adoc b/manual/src/main/asciidoc/user-guide/security.adoc
index a0209cf..caa4ce1 100644
--- a/manual/src/main/asciidoc/user-guide/security.adoc
+++ b/manual/src/main/asciidoc/user-guide/security.adoc
@@ -28,6 +28,17 @@ The Apache Karaf security framework is used internally to control the access to:
Your applications can also use the security framework (see the developer guide for details).
+[NOTE]
+====
+For security reason, by default, `karaf` user is disabled. To allow the logon, you have to have an user. You can enable
+`karaf` user by uncommenting the user in `etc/users.properties`:
+
+----
+karaf = karaf,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
+----
+====
+
==== Realms
Apache Karaf is able to manage multiple realms. A realm contains the definition of the login modules to use for the
diff --git a/manual/src/main/asciidoc/user-guide/webconsole.adoc b/manual/src/main/asciidoc/user-guide/webconsole.adoc
index 7eab902..2f05036 100644
--- a/manual/src/main/asciidoc/user-guide/webconsole.adoc
+++ b/manual/src/main/asciidoc/user-guide/webconsole.adoc
@@ -59,6 +59,17 @@ See the link:security[Security section] for details.
[NOTE]
====
+For security reason, by default, `karaf` user is disabled. To allow the logon, you have to have an user. You can enable
+`karaf` user by uncommenting the user in `etc/users.properties`:
+
+----
+karaf = karaf,_g_:admingroup
+_g_\:admingroup = group,admin,manager,viewer,systembundles,ssh
+----
+=====
+
+[NOTE]
+====
By default, only users with the `admin` role are allowed to logon to the Apache Karaf WebConsole.
Right now, the WebConsole doesn't use RBAC system as we have for console commands, or MBeans.
====