[Hawkular-dev] Default user, or alternative realm file?

Gary Brown gbrown at redhat.com
Thu Mar 12 04:37:30 EDT 2015 

+1 - dev profile to create default user, prod profile no users.

----- Original Message -----
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> On 03/11/2015 05:55 PM, Thomas Heute wrote:
> > Not sure to understand the alternatives but I have comments: -
> > Having 'admin' or 'root' for a super user IMO simplifies
> > documentation/usage. (I can imagine that a user could forget what
> > username he chose as superadmin for instance).
> 
> I don't think we have a "super user" or "root". Do we actually need one?
> 
> > - We need to force "complex passwords", this is actually a product
> > requirement
> 
> That could be enforced on Keycloak, via the same realm configuration
> file. I'll take a look at how to configure that and will add. Do you
> have a definition of "complex password"?
> 
> > - Copying a file is a step that needs to be documented and is
> > unfriendly + either you need to encode the password (some tool like
> > for Wildfly) or worse have the password in clear in a file for
> > import.
> 
> Note that, right now, no file needs to be copied: we ship with a realm
> template that does not contain any users. Opening the console when not
> logged in presents the user with the login screen. If the user is not
> registered yet, said user can self-register. This step (self-register)
> is what is being questioned here: it's a PITA to self-register every
> time a new build is done locally. So, to prevent self-registration, we
> could ship with a default user.
> 
> In fact, I think we might have a third option: use the "dev" maven
> profile to determine which realm template to use. If the "dev" profile
> is active, then we can use the realm with a default user. Otherwise,
> no default users.
> 
> - - Juca.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
> 
> iQEcBAEBAgAGBQJVAJV+AAoJECKM1e+fkPrX8D4IAJiOU/ZgBhxpacbVW5Fv3CSt
> H+ItVQz+qw8oVRNPdD/9LevmKr3wJXlCtzJV+YKvw5O7xVm/KmfWdHdKDpwRKgG8
> EC7ETw8LZAN18Du5URMKWzgixZZdMBIcQeFZfzwuEGZjw4rIj66XtK/HXT+jLim+
> KPqq3qq5p4nidOJmhO0oODQ7JXBJN/bifyrYvMG+wRTCrFwJdHpjk5RHnOU1DrLV
> 7TR3H8mtaX3PEjyGKxwmisEPdKgcWdeFuf7JAYybbyxLECpOVcz+tgQJUlxj+9I7
> VRlvxE+uXl/sKHDhAay7xwYR5obJ0qXSWDjIQspoEceodOwqCDQYq0tJk74CnEE=
> =rlWT
> -----END PGP SIGNATURE-----
> _______________________________________________
> hawkular-dev mailing list
> hawkular-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/hawkular-dev
>

More information about the hawkular-dev mailing list