Thanks, everyone, for getting me straightened out on this.  I thought it
was referring to the admin password.

Matt


On Fri, Jul 20, 2012 at 10:11 AM, <christian.muel...@nvoe.at> wrote:

> Some additional explanations here.
>
> The admin password is kept during migration except the fact that it is
> stored encrypted. The admin user is a normal user and it is also possible
> to remove the admin user.
>
> The master password defaults to "geoserver" and is used for
>
> 1) Lo gin of the user "root" (root is an administrator and the root user
> is not removable)
>
> 2) Encrypting the java key store containing the key material used by
> geoserver
>
> You should change the master password, otherwise everybody can log in as
> an administrator to geoserver with userid "root" and password "geoserver".
>
> Try it.
>
> Even worse, using the java keytool, an attacker could inspect all the
> private key material contained in geoserver.jceks, the key store password
> is the master password which in turn is "geoserver".
>
> For production systems you have to change the master password.
>
> Hope that helps
> Christian
>
>
>
> Zitat von Andrea Aime <andrea.a...@geo-solutions.it>**:
>
>
>  On Fri, Jul 20, 2012 at 4:40 PM, Matthew Foster  <matthew.fos...@noaa.gov
>> >**wrote:
>>
>>  I just upgraded from 2.1.4 to 2.2-RC1.  The main page is giving me a
>>> message that the master password has not been changed from the default.
>>>  Our password was changed from the default prior to the upgrade.
>>>
>>> Is this a known issue?
>>>
>>>
>> The admin password is one thing, the master password is another
>>
>> Cheers
>> Andrea
>>
>>
>> --
>> ==
>> Our support, Your Success! Visit 
>> http://opensdi.geo-solutions.**it<http://opensdi.geo-solutions.it>for more
>> information.
>> ==
>>
>> Ing. Andrea Aime
>> @geowolf
>> Technical Lead
>>
>> GeoSolutions S.A.S.
>> Via Poggio alle Viti 1187
>> 55054  Massarosa (LU)
>> Italy
>> phone: +39 0584 962313
>> fax:   +39 0584 962313
>> mob:   +39 339 8844549
>>
>> http://www.geo-solutions.it
>> http://twitter.com/**geosolutions_it <http://twitter.com/geosolutions_it>
>>
>> ------------------------------**-------------------------
>>
>>
>
>
> ------------------------------**------------------------------**----
> This message was sent using IMP, the Internet Messaging Program.
>
>
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Geoserver-users mailing list
Geoserver-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/geoserver-users

Reply via email to