----- Original Message -----
From: "Juraci Paixão Kröhling" <juraci(a)kroehling.de>
To: "Stian Thorgersen" <stian(a)redhat.com>
Cc: keycloak-user(a)lists.jboss.org
Sent: Wednesday, March 18, 2015 9:15:55 AM
Subject: Re: [keycloak-user] Admin's password override
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/18/2015 05:07 AM, Stian Thorgersen wrote:
>> Sounds a bit hackish to me ;)
Indeed :)
>> Why not just use the same user for the Hawkular admin console?
>> That way they'll change the password when they login to Hawkular
>> for the first time.
Each Hawkular user is an "account", that have "tenancy" semantics.
So,
there's no notion of "admin" for Hawkular yet, and we are not
convinced we need one. Perhaps that will change in the future, and if
so, this would certainly be an option.
But I'm not sure what you are suggesting: to use the "master" realm as
the realm for Hawkular? Or to create an user on "hawkular" realm and
assign this user as an "admin" on the master realm? Wouldn't it mean
that there would be two users?
Interesting, who can create a tenant then? Do you not need an admin for that?
>> An alternative is that we need to support a way to recover the
>> admin password if it's lost. Would be a script or something that
>> can only be used locally. With that you could just set the
>> Keycloak admin password to something random.
Agree on the first two parts, but what would be a good way to
accomplish the third part (when to do it, and how to do it)? On first
boot?
Think this is something we'll need to figure out for KC in either case. We need to be
able to provision KC instances in the cloud without default username/passwords I reckon.
Also, we do need the recover password option.
Do you reckon that users of Hawkular will use the KC admin console at all? If not then
just set the password to something random with the mechanism Marek pointed out.
- - Juca.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQEcBAEBAgAGBQJVCTQ7AAoJEDnJtskdmzLMHF0H/0m5fokXt/IgyOd3Bu6+y5i4
BR8hXU0bziKtwHdLOnfgmOKGNd5cxrlvwY07Udo6IAqvuvwgvmoz470l87XEKfW5
GwiRT3HXoSbh+0kZRCBQgJaThH7k0PVbGRM5DzeoL+zsl6U6uqkZ47oLSgrL2dO8
6d0epTcg5PdAyJcFbDGi5SYa/PW6TkPQrR3wsA78IIippDP4FtrUPQzWVRdVaq+E
GITYoVovWgGkuzm/WzaP58YyihxDXyO8t8MDDoyV/QAq5rJjWKbXhN6kM28Jtv02
toizoDyvr4sVW25qCqaHjOYzfEsUYw4KCNugAfYoXrfnNNfzrk93dEh+/2j+SRU=
=J7vu
-----END PGP SIGNATURE-----