Does the webconsole authentication store the password hashed or plaintext?

-Rob


On 10/4/16, 8:22 AM, "Stefan Seifert" <sseif...@pro-vision.de> wrote:

    When the repository is up and running, the repository authentication is used for the web console as well.
    But during the startup phase, or when the repository is down/unavailable, the authentication built into the web console itself takes place.
    
    You need to change the admin password in the OSGi config "Apache Felix OSGi Management Console" as well, esp. on production systems, or you have a security leak if the repository is not available for whatever reason.
    
    stefan
    
    >-----Original Message-----
    >From: Roy Teeuwen [mailto:r...@teeuwen.be]
    >Sent: Tuesday, October 4, 2016 4:45 PM
    >To: users@sling.apache.org
    >Subject: Authentication handler
    >
    >Hey all,
    >
    >When starting up our sling instance, if you go to /system/console in the
    >VERY beginning (like 1-3 seconds after doing a startup), it is possible to
    >log in with admin/admin, even when the admin password has been changed to
    >something else.
    >What bundle has to come active for this hardcoded default login not to work
    >anymore?
    >
    >Greetings,
    >Roy
    
    
