You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@archiva.apache.org by "Benjamin Heasly (JIRA)" <ji...@apache.org> on 2016/02/18 20:10:18 UTC

[jira] [Created] (MRM-1912) Guest password should never be reset

Benjamin Heasly created MRM-1912:
------------------------------------

             Summary: Guest password should never be reset 
                 Key: MRM-1912
                 URL: https://issues.apache.org/jira/browse/MRM-1912
             Project: Archiva
          Issue Type: Bug
          Components: redback, Users/Security, Web Interface
    Affects Versions: 2.2.0
         Environment: AWS, EC2, ECS, Docker, Ubuntu
            Reporter: Benjamin Heasly


This is an experience report from a user.

I stood up a new Archiva instance about 90 days ago.  As per default security configuration, user passwords began to expire recently.

It seems that even the guest account has expired .  As a result, guest access is now 403 Forbidden.

Since the guest account is for anonymous access, and has no password, this account probably should be exempt from password expiration.  Is this a bug?

I can reset the guest password successfully, restoring access for this account.  However, I cannot reset to the empty password using the web interface.  The edit user form complains of the password field, "This field is required."  Is this also a bug?



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)