Opened 10 years ago

Last modified 9 months ago

#581 new enhancement

Command line password reset utility

Reported by: zspitzer Owned by:
Priority: low Milestone:
Component: Server Version:
Severity: minor Keywords:
Cc: External ID:

Description

Currently there is no way to reset a lost password for a MapGuide Repository, apart from deleting the repository and starting over.

There is a need for a simple command line tool which resets the password in the repository.

Change History (3)

comment:1 Changed 9 years ago by jbirch

Severity: trivial → minor

If this tool was distributed with MapGuide, it could be used by the installer to override the default Admin / Author passwords with install-time values, improving the out-of-the-box security of MapGuide.

comment:2 Changed 8 years ago by jbirch

Version: 2.0.1

Removing version from enhancement request.

comment:3 Changed 9 months ago by jng

In 9201:

Add support for a "setpwd" command-line operation. The use case for this feature is to change the passwords for built-in users in a headless fashion before starting up the mgserver/daemon proper. It also addresses #581.

This is important for security when MapGuide is used within a container (e.g. Docker) or an automated environment provisioning context where being able to programmatically change passwords for built-in users from their designated defaults is currently cumbersome as the Site Administrator requires manual operation and the only known way to programmatically change the password is through MgSite, but using this API requires a running mgserver and thus requires coordinating the server to be online first before being able to use this particular API.

A small side-effect of changing passwords using this approach is that it will blank out other properties of the user, such as its user name (not related to its user id) and description. To preserve such information, we would have to first call EnumerateUsers and manually parse the XML response for the matching user and call UpdateUser with the new password and the preserved user information. This information is inconsequential in the grand scheme so having it blanked out through this setpwd command is deemed by me to be an acceptable trade-off for simplicity of the implementation.
