Posted to issues@archiva.apache.org by "Brett Porter (JIRA)" <ji...@codehaus.org> on 2008/06/30 07:37:26 UTC

[jira] Updated: (MRM-800) Admin user account user lockout via Webdav only?

     [ http://jira.codehaus.org/browse/MRM-800?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brett Porter updated MRM-800:
-----------------------------

    Fix Version/s: 1.1

I think this might be corrected already in 1.1. We should verify - if not, it might be scheduled for 1.1.x, but it's important to get sorted out.

> Admin user account user lockout via Webdav only?
> ------------------------------------------------
>
>                 Key: MRM-800
>                 URL: http://jira.codehaus.org/browse/MRM-800
>             Project: Archiva
>          Issue Type: Bug
>          Components: Users/Security
>    Affects Versions: 1.0
>            Reporter: Paul Smith
>             Fix For: 1.1
>
>
> We've set up Archiva fairly basically here.  Out of the box unpack, no additional users, so pretty much the admin user does everything.
> So, we set up the admin user with a simple password.  If someone however uses Maven to attempt to deploy using this account, but has the admin password wrong, it appears even after just one attempt, the admin user account is locked.  We cannot even log in to the web page anymore, let alone deploy.  We have been forced to trash the user/database directory and restart Archiva and reissue a new password.
> What is totally bizarre is that despite repeated attempts to enter incorrect password details into the login page of Archiva I can't get it to trip this same behaviour. It's as if only during the Maven deploy stage (which goes through the WebDAV connector presumably) does this behaviour exhibit itself.
> Of course getting the password reset then causes further problems because when you try to get everyone to update their local Maven settings.xml, if one person forgets and tries to deploy, then the admin account is locked again, and we go through the whole cycle once more.
> Fits more on the annoying side, just can't work out why this lockout happens only in deploy mode.  I can't see anything of interest in the logs about this account either.
