[Hawkular-dev] Default user, or alternative realm file?

Juraci Paixão Kröhling jpkroehling at redhat.com
Wed Mar 11 15:20:30 EDT 2015 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/11/2015 05:55 PM, Thomas Heute wrote:
> Not sure to understand the alternatives but I have comments: -
> Having 'admin' or 'root' for a super user IMO simplifies 
> documentation/usage. (I can imagine that a user could forget what 
> username he chose as superadmin for instance).

I don't think we have a "super user" or "root". Do we actually need one?

> - We need to force "complex passwords", this is actually a product 
> requirement

That could be enforced on Keycloak, via the same realm configuration
file. I'll take a look at how to configure that and will add. Do you
have a definition of "complex password"?

> - Copying a file is a step that needs to be documented and is 
> unfriendly + either you need to encode the password (some tool like
> for Wildfly) or worse have the password in clear in a file for
> import.

Note that, right now, no file needs to be copied: we ship with a realm
template that does not contain any users. Opening the console when not
logged in presents the user with the login screen. If the user is not
registered yet, said user can self-register. This step (self-register)
is what is being questioned here: it's a PITA to self-register every
time a new build is done locally. So, to prevent self-registration, we
could ship with a default user.

In fact, I think we might have a third option: use the "dev" maven
profile to determine which realm template to use. If the "dev" profile
is active, then we can use the realm with a default user. Otherwise,
no default users.

- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQEcBAEBAgAGBQJVAJV+AAoJECKM1e+fkPrX8D4IAJiOU/ZgBhxpacbVW5Fv3CSt
H+ItVQz+qw8oVRNPdD/9LevmKr3wJXlCtzJV+YKvw5O7xVm/KmfWdHdKDpwRKgG8
EC7ETw8LZAN18Du5URMKWzgixZZdMBIcQeFZfzwuEGZjw4rIj66XtK/HXT+jLim+
KPqq3qq5p4nidOJmhO0oODQ7JXBJN/bifyrYvMG+wRTCrFwJdHpjk5RHnOU1DrLV
7TR3H8mtaX3PEjyGKxwmisEPdKgcWdeFuf7JAYybbyxLECpOVcz+tgQJUlxj+9I7
VRlvxE+uXl/sKHDhAay7xwYR5obJ0qXSWDjIQspoEceodOwqCDQYq0tJk74CnEE=
=rlWT
-----END PGP SIGNATURE-----

More information about the hawkular-dev mailing list