[keycloak-dev] Default admin password

Bruno Oliveira bruno at abstractj.org
Wed May 28 04:45:47 EDT 2014


Hi Marek, not sure if I got it right. I think what we can do is to
ask for the password only once during the application startup (but I'm
not sure how annoying it would be to users).

Or, like you mentioned, add an initial password to keycloak-server.json.
But what would happen with the values in the .json file when the admin
changes the password? Or would the password be exposed in this file?

On 2014-05-28, Marek Posolda wrote:
> Currently there are many things for initialization of the master realm
> hardcoded in ApplianceBootstrap, including the initial password of the
> admin user. Maybe it's not such a big issue, as the user is required to
> change the admin password after first login, but still it's not ideal
> IMO because if someone accesses the admin console faster than you, he
> can change the admin password and gain full admin access.
>
> I wonder if we can improve this? At least adding the initial admin
> password to keycloak-server.json may help a bit, as people can change
> the default value from "admin" to something else. wdyt?
>
> Marek

--

abstractj

