Hi Marek, not sure if I got it right. I think what we can do is to
ask for the password only once during the application startup (but I'm not sure
how annoying it would be to users).
Or, like you mentioned, add an initial password to keycloak-server.json.
But what would happen with the values in the .json file when the admin
changes the password? Or would the password be exposed in this file?
On 2014-05-28, Marek Posolda wrote:
Currently there are many things for initialization of master realm
hardcoded in ApplianceBootstrap including the initial password of admin
user. Maybe it's not such a big issue, as the user is required to change the admin
password after first login, but still it's not ideal IMO because if
someone accesses the admin console faster than you, he can change the admin
password and gain full admin access.
I wonder if we can improve this? At least adding initial admin password
into keycloak-server.json may help a bit as people can change default
value from "admin" to something else. wdyt?
Marek
--
abstractj