Some additional explanations here. The admin password is kept during migration except the fact that it is stored encrypted. The admin user is a normal user and it is also possible to remove the admin user.
The master password defaults to "geoserver" and is used for 1) Lo gin of the user "root" (root is an administrator and the root user is not removable) 2) Encrypting the java key store containing the key material used by geoserver You should change the master password, otherwise everybody can log in as an administrator to geoserver with userid "root" and password "geoserver". Try it. Even worse, using the java keytool, an attacker could inspect all the private key material contained in geoserver.jceks, the key store password is the master password which in turn is "geoserver". For production systems you have to change the master password. Hope that helps Christian Zitat von Andrea Aime <andrea.a...@geo-solutions.it>: > On Fri, Jul 20, 2012 at 4:40 PM, Matthew Foster > <matthew.fos...@noaa.gov>wrote: > >> I just upgraded from 2.1.4 to 2.2-RC1. The main page is giving me a >> message that the master password has not been changed from the default. >> Our password was changed from the default prior to the upgrade. >> >> Is this a known issue? >> > > The admin password is one thing, the master password is another > > Cheers > Andrea > > > -- > == > Our support, Your Success! Visit http://opensdi.geo-solutions.it for more > information. > == > > Ing. Andrea Aime > @geowolf > Technical Lead > > GeoSolutions S.A.S. > Via Poggio alle Viti 1187 > 55054 Massarosa (LU) > Italy > phone: +39 0584 962313 > fax: +39 0584 962313 > mob: +39 339 8844549 > > http://www.geo-solutions.it > http://twitter.com/geosolutions_it > > ------------------------------------------------------- > ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Geoserver-users mailing list Geoserver-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/geoserver-users