On 4.12.2012 12:31, Tomas Sedovic wrote:
On 11/26/2012 03:43 PM, Aaron Weitekamp wrote:
I understand this is ultimately a sysadmin responsibility, but is there
any scenario where a user would use the default username and password?
If defaults are for developer and testing convenience it seems we can
take the extra step to put our own values in. Given the serious security
concerns of leaving defaults in place, I'm wondering why we would
provide the option to use a default username/password?

-Aaron


I agree that having a default username and password (especially with admin 
privileges) in the production setup is a dangerous thing. We should remove that 
and instead provide the admins with a simple way of setting these up (probably 
a query in the aeolus-configure script).

The intent of the default username/password was indeed for dev/testing only and 
I would argue that we should still keep them there.

This will make it easier for the new users trying things out and for us when 
we're helping them debug any setup issues.

Since we have different sets of tools for setting up the dev/prod environments 
this should not be a problem.

What do you think?

Thomas

This seems like a similar issue as including default image templates and 
deployables [1].

Might be nice to include default templates, deployables and admin account when 
you are setting up Aeolus for development or evaluation, but not for production.

J.

[1] https://lists.fedorahosted.org/pipermail/aeolus-devel/2012-December/013436.html
