[Hawkular-dev] Default user, or alternative realm file?

Juraci Paixão Kröhling jpkroehling at redhat.com
Thu Mar 12 09:48:55 EDT 2015


On 03/12/2015 02:35 PM, Matt Wringe wrote:
> I think the user configuration file is probably a more clean and
> better solution (and also matches what users are used to for other
> application servers). So +1 for a user configuration file (assuming
> in production the user file has to be created by the admin so that
> we don't have the first-to-access-wins situation).

Note that we don't actually *need* a default user, so, this poll is
about deciding on whether or not to include one. So far, I take it
that most prefer to have a default user for the dev profile.

Your suggestions are actually really good, and I might end up using an
approach similar to that in another part: the default Keycloak admin
password. Our window of attack for the default Keycloak admin's
credentials is far bigger than Keycloak itself: while Keycloak folks
expect admins to install and configure it right away, we don't expect
"admins" to open Keycloak as soon as they install Hawkular. So, the
default username/password for Keycloak might live for hours/days
before the admin realizes that it needs to be changed.

- Juca.

