Archiva will not stop forcing password resets!

[Zach Cox <zc...@gmail.com>]

We installed Archiva 1.1 last summer for internal project use.  When creating
every user in the system, we always uncheck the "Force User to Change
Password" checkbox in User Management, because it's incredibly annoying and
completely unnecessary for us.

However, since we installed Archiva it has forced all of our users to change
their passwords several times.  During this latest round of forced password
changes, all of the users seem to get Locked even after they successfully
change the password.  Even if I sign in as admin and unlock them, as soon as
they try to sign-in again Archiva immediately locks them and they cannot
sign in.  I'm not sure how to fix this other than to delete all of the users
and re-create them (which is just ridiculous - there has to be a better
way).

I've seen lots of messages on the mailing list about this force password
change/locked user problem, but no one ever seems to offer any definitive
answers or workarounds.

Is there a way in Archiva 1.1 to COMPLETELY disable this forced password
changing?  Also, in Archiva 1.1 how can I ACTUALLY unlock users so they can
continue to use the system?

Thanks,
Zach
-- 
View this message in context: http://www.nabble.com/Archiva-will-not-stop-forcing-password-resets%21-tp21792131p21792131.html
Sent from the archiva-users mailing list archive at Nabble.com.

Re: AW: Archiva will not stop forcing password resets!

[Zach Cox <zc...@gmail.com>]

So security.properties is now in 3 places on our server:
 - /usr/local/apache-archiva-1.1/conf
 - /var/lib/archiva/conf
 - ~/.m2

I restarted archiva and I still see the same behavior: I can sign in with
the admin user, but when I try to sign in as another user, it doesn't sign
in, no error messages, just takes me to the Search screen.  If I then sign
in as admin again, that other user is locked under User Management.  Even if
I change that user's password as the admin, I still can't sign in with that
other user.

Any ideas on how to make Archiva just be happy with this other user, and not
keep locking them out?



Wendy Smoak-3 wrote:
> 
> On Mon, Feb 9, 2009 at 8:10 AM, Zach Cox <zc...@gmail.com> wrote:
>>
>> Thanks KUno, that looks promising.  I'm running the Archiva 1.1
>> standalone,
>> not through Tomcat.  Do you know where I should put that
>> security.properties
>> file?
> 
> In the standalone install, you can put it in the 'conf' directory.
> 
> http://archiva.apache.org/docs/1.2-M1/adminguide/customising-security.html
> 
> -- 
> Wendy
> 
> 

-- 
View this message in context: http://www.nabble.com/Archiva-will-not-stop-forcing-password-resets%21-tp21792131p21935069.html
Sent from the archiva-users mailing list archive at Nabble.com.

Re: AW: Archiva will not stop forcing password resets!

[Wendy Smoak <ws...@gmail.com>]

On Mon, Feb 9, 2009 at 8:10 AM, Zach Cox <zc...@gmail.com> wrote:
>
> Thanks KUno, that looks promising.  I'm running the Archiva 1.1 standalone,
> not through Tomcat.  Do you know where I should put that security.properties
> file?

In the standalone install, you can put it in the 'conf' directory.

http://archiva.apache.org/docs/1.2-M1/adminguide/customising-security.html

-- 
Wendy

AW: AW: Archiva will not stop forcing password resets!

["Baeriswyl Kuno - Extern (IT-BA-MV)" <ku...@sbb.ch>]

no. but try to put it in the directory where you start the app.

-----Urspr?ngliche Nachricht-----
Von: Zach Cox [mailto:zcox522@gmail.com]
Gesendet: Montag, 9. Februar 2009 16:10
An: users@archiva.apache.org
Betreff: Re: AW: Archiva will not stop forcing password resets!



Thanks KUno, that looks promising.  I'm running the Archiva 1.1 standalone, not through Tomcat.  Do you know where I should put that security.properties file?

Thanks,
Zach


qnob wrote:
>
> I did add
>
> security.policy.password.expiration.days=999999
> security.policy.password.expiration.enabled=false
>
> in D:\apps\apache-tomcat-6.0.18\conf\security.properties
>
> worked well.
>
> KUno
>
> -----Urspr?ngliche Nachricht-----
> Von: Marc Lustig [mailto:ml@marclustig.com]
> Gesendet: Dienstag, 3. Februar 2009 17:12
> An: users@archiva.apache.org
> Betreff: Re: Archiva will not stop forcing password resets!
>
>
>
> Have you checked out this:
> http://continuum.apache.org/docs/1.2.2/administrator_guides/security/c
> ustomising-security.html
> ?
> (continuum has the same auth-system)
>
>
> Zach Cox wrote:
>>
>> We installed Archiva 1.1 last summer for internal project use.  When
>> creating every user in the system, we always uncheck the "Force User
>> to Change Password" checkbox in User Management, because it's
>> incredibly annoying and completely unnecessary for us.
>>
>> However, since we installed Archiva it has forced all of our users to
>> change their passwords several times.  During this latest round of
>> forced password changes, all of the users seem to get Locked even
>> after they successfully change the password.  Even if I sign in as
>> admin and unlock them, as soon as they try to sign-in again Archiva
>> immediately locks them and they cannot sign in.  I'm not sure how to
>> fix this other than to delete all of the users and re-create them
>> (which is just ridiculous - there has to be a better way).
>>
>> I've seen lots of messages on the mailing list about this force
>> password change/locked user problem, but no one ever seems to offer
>> any definitive answers or workarounds.
>>
>> Is there a way in Archiva 1.1 to COMPLETELY disable this forced
>> password changing?  Also, in Archiva 1.1 how can I ACTUALLY unlock
>> users so they can continue to use the system?
>>
>> Thanks,
>> Zach
>>
>
> --
> View this message in context:
> http://www.nabble.com/Archiva-will-not-stop-forcing-password-resets%21
> -tp21792131p21813019.html
> Sent from the archiva-users mailing list archive at Nabble.com.
>
>
>

--
View this message in context: http://www.nabble.com/Archiva-will-not-stop-forcing-password-resets%21-tp21792131p21914802.html
Sent from the archiva-users mailing list archive at Nabble.com.

Re: AW: Archiva will not stop forcing password resets!

[Zach Cox <zc...@gmail.com>]

Thanks KUno, that looks promising.  I'm running the Archiva 1.1 standalone,
not through Tomcat.  Do you know where I should put that security.properties
file?

Thanks,
Zach


qnob wrote:
> 
> I did add
> 
> security.policy.password.expiration.days=999999
> security.policy.password.expiration.enabled=false
> 
> in D:\apps\apache-tomcat-6.0.18\conf\security.properties
> 
> worked well.
> 
> KUno
> 
> -----Urspr?ngliche Nachricht-----
> Von: Marc Lustig [mailto:ml@marclustig.com]
> Gesendet: Dienstag, 3. Februar 2009 17:12
> An: users@archiva.apache.org
> Betreff: Re: Archiva will not stop forcing password resets!
> 
> 
> 
> Have you checked out this:
> http://continuum.apache.org/docs/1.2.2/administrator_guides/security/customising-security.html
> ?
> (continuum has the same auth-system)
> 
> 
> Zach Cox wrote:
>>
>> We installed Archiva 1.1 last summer for internal project use.  When
>> creating every user in the system, we always uncheck the "Force User
>> to Change Password" checkbox in User Management, because it's
>> incredibly annoying and completely unnecessary for us.
>>
>> However, since we installed Archiva it has forced all of our users to
>> change their passwords several times.  During this latest round of
>> forced password changes, all of the users seem to get Locked even
>> after they successfully change the password.  Even if I sign in as
>> admin and unlock them, as soon as they try to sign-in again Archiva
>> immediately locks them and they cannot sign in.  I'm not sure how to
>> fix this other than to delete all of the users and re-create them
>> (which is just ridiculous - there has to be a better way).
>>
>> I've seen lots of messages on the mailing list about this force
>> password change/locked user problem, but no one ever seems to offer
>> any definitive answers or workarounds.
>>
>> Is there a way in Archiva 1.1 to COMPLETELY disable this forced
>> password changing?  Also, in Archiva 1.1 how can I ACTUALLY unlock
>> users so they can continue to use the system?
>>
>> Thanks,
>> Zach
>>
> 
> --
> View this message in context:
> http://www.nabble.com/Archiva-will-not-stop-forcing-password-resets%21-tp21792131p21813019.html
> Sent from the archiva-users mailing list archive at Nabble.com.
> 
> 
> 

-- 
View this message in context: http://www.nabble.com/Archiva-will-not-stop-forcing-password-resets%21-tp21792131p21914802.html
Sent from the archiva-users mailing list archive at Nabble.com.

AW: Archiva will not stop forcing password resets!

["Baeriswyl Kuno - Extern (IT-BA-MV)" <ku...@sbb.ch>]

I did add

security.policy.password.expiration.days=999999
security.policy.password.expiration.enabled=false

in D:\apps\apache-tomcat-6.0.18\conf\security.properties

worked well.

KUno

-----Urspr?ngliche Nachricht-----
Von: Marc Lustig [mailto:ml@marclustig.com]
Gesendet: Dienstag, 3. Februar 2009 17:12
An: users@archiva.apache.org
Betreff: Re: Archiva will not stop forcing password resets!



Have you checked out this: http://continuum.apache.org/docs/1.2.2/administrator_guides/security/customising-security.html
?
(continuum has the same auth-system)


Zach Cox wrote:
>
> We installed Archiva 1.1 last summer for internal project use.  When
> creating every user in the system, we always uncheck the "Force User
> to Change Password" checkbox in User Management, because it's
> incredibly annoying and completely unnecessary for us.
>
> However, since we installed Archiva it has forced all of our users to
> change their passwords several times.  During this latest round of
> forced password changes, all of the users seem to get Locked even
> after they successfully change the password.  Even if I sign in as
> admin and unlock them, as soon as they try to sign-in again Archiva
> immediately locks them and they cannot sign in.  I'm not sure how to
> fix this other than to delete all of the users and re-create them
> (which is just ridiculous - there has to be a better way).
>
> I've seen lots of messages on the mailing list about this force
> password change/locked user problem, but no one ever seems to offer
> any definitive answers or workarounds.
>
> Is there a way in Archiva 1.1 to COMPLETELY disable this forced
> password changing?  Also, in Archiva 1.1 how can I ACTUALLY unlock
> users so they can continue to use the system?
>
> Thanks,
> Zach
>

--
View this message in context: http://www.nabble.com/Archiva-will-not-stop-forcing-password-resets%21-tp21792131p21813019.html
Sent from the archiva-users mailing list archive at Nabble.com.

Re: Archiva will not stop forcing password resets!

[Marc Lustig <ml...@marclustig.com>]

Have you checked out this:
http://continuum.apache.org/docs/1.2.2/administrator_guides/security/customising-security.html
?
(continuum has the same auth-system)


Zach Cox wrote:
> 
> We installed Archiva 1.1 last summer for internal project use.  When
> creating every user in the system, we always uncheck the "Force User to
> Change Password" checkbox in User Management, because it's incredibly
> annoying and completely unnecessary for us.
> 
> However, since we installed Archiva it has forced all of our users to
> change their passwords several times.  During this latest round of forced
> password changes, all of the users seem to get Locked even after they
> successfully change the password.  Even if I sign in as admin and unlock
> them, as soon as they try to sign-in again Archiva immediately locks them
> and they cannot sign in.  I'm not sure how to fix this other than to
> delete all of the users and re-create them (which is just ridiculous -
> there has to be a better way).
> 
> I've seen lots of messages on the mailing list about this force password
> change/locked user problem, but no one ever seems to offer any definitive
> answers or workarounds.
> 
> Is there a way in Archiva 1.1 to COMPLETELY disable this forced password
> changing?  Also, in Archiva 1.1 how can I ACTUALLY unlock users so they
> can continue to use the system?
> 
> Thanks,
> Zach
> 

-- 
View this message in context: http://www.nabble.com/Archiva-will-not-stop-forcing-password-resets%21-tp21792131p21813019.html
Sent from the archiva-users mailing list archive at Nabble.com.