You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@archiva.apache.org by "James William Dumay (JIRA)" <ji...@codehaus.org> on 2008/07/02 07:33:26 UTC
[jira] Closed: (MRM-800) Admin user account user lockout via Webdav
only?
[ http://jira.codehaus.org/browse/MRM-800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
James William Dumay closed MRM-800.
-----------------------------------
Resolution: Cannot Reproduce
Thanks for reporting this issue Paul.
I tried reproducing with the instructions you provided but due to the changes in the WebDav layer of Archiva this issue is not present in the up coming 1.1 release.
Thanks
James
> Admin user account user lockout via Webdav only?
> ------------------------------------------------
>
> Key: MRM-800
> URL: http://jira.codehaus.org/browse/MRM-800
> Project: Archiva
> Issue Type: Bug
> Components: Users/Security
> Affects Versions: 1.0
> Reporter: Paul Smith
> Assignee: James William Dumay
> Fix For: 1.1
>
>
> We've setup Archiva fairly basically here. Out of the box unpack, no additional users, so pretty much the admin user does everything.
> So, we setup the admin user with a simple password. If someone however uses Maven to attempt to deploy using this account, but has the admin password wrong, it appears even after just one attempt, the admin user account is locked. We cannot even login to the web page anymore let alone deploy. We have been forced to trash the user/database directory and restart archiva and reissue a new password.
> What is totally bizarre is that despite repeated attempts to enter incorrect password details into the login page of Archiva I can't get it to trip this same behaviour. It's as if only during the Maven deploy stage (which goes through the WebDAV connector presumably) does this behaviour exhibit itself.
> Of course getting the password reset then causes further problems because the when you try to get everyone to update their local Maven settings.xml, if one person forgets and tries to deploy, then the admin account is locked again, and we go through the whole cycle once more.
> Fits more in annoying side, just can't work out why this lockout happens only in deploy mode. I can't see anything in the logs either about this account of interest.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira