You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Stephan Austermühle (Jira)" <ji...@apache.org> on 2020/11/24 18:58:00 UTC

[jira] [Commented] (ARTEMIS-3010) Document user management changes in 2.16.0

    [ https://issues.apache.org/jira/browse/ARTEMIS-3010?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17238319#comment-17238319 ] 

Stephan Austermühle commented on ARTEMIS-3010:
----------------------------------------------

For traditional setups you are absolutely right. However, when it comes to container based setups you want to ensure that the admin credentials are set to the desired target values before starting the broker to avoid security issues (a new or recreated instance should not start with default credentials, even for a short time). This becomes even more important when running multiple instances in a Kubernetes managed cluster.

Creating the files is trivial, of course, although the docs currently [recommend to go for the user admin tools|https://activemq.apache.org/components/artemis/documentation/latest/masking-passwords.html#generating-a-masked-password] instead of using {{artemis mask}}.

More consistency here would be great and helpful. The whole topic would be less irritating if there were more clear communications on the paradigm change ("use the tool and do not touch the files" vs. "simply change the file").

And, yes, fully agree, production accounts should definitely go into a directory service. 

> Document user management changes in 2.16.0
> ------------------------------------------
>
>                 Key: ARTEMIS-3010
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-3010
>             Project: ActiveMQ Artemis
>          Issue Type: Task
>    Affects Versions: 2.16.0
>            Reporter: Stephan Austermühle
>            Assignee: Justin Bertram
>            Priority: Minor
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> Until Artemis 2.15 it was possible to manage local users [just as describe in the docs|https://activemq.apache.org/components/artemis/documentation/latest/security.html]:
> {code}
> ./artemis user add --user guest --password guest --role admin
> {code}
> With 2.16, it looks like the broker has to be online before users can be managed:
> {code}
> ../artemis user add --user guest --password guest --role amq
> Connection brokerURL = tcp://localhost:61616
> --user-command-user: is a mandatory property!
> Please provide the username to use for the chosen user command:
> {code}
> So, currently, it seems to be impossible to configure admin credentials before starting the broker for the first time.
> In case of the behavioral change was intended, please update the docs. Otherwise, it seems to be a bug.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)