Opened 15 years ago

Closed 5 years ago

#581 closed enhancement (fixed)

Command line password reset utility

Reported by: zspitzer Owned by:
Priority: low Milestone:
Component: Server Version:
Severity: minor Keywords:
Cc: External ID:


Currently there is no way to reset a lost password for a Mapguide Repository, apart from deleting the repository and starting over.

There is a need for a simple command line tool which resets the password in the repository.

Change History (4)

comment:1 by jbirch, 14 years ago

Severity: trivialminor

If this tool was distributed with MapGuide, it could be used by the installer to override the default Admin / Author passwords with install-time values, improving the out-of-the-box security of MapGuide.

comment:2 by jbirch, 13 years ago

Version: 2.0.1

Removing version from enhancement request.

comment:3 by jng, 5 years ago

In 9201:

Add support for a "setpwd" command-line operation. The use case for this feature is to change the passwords for built-in users in a headless fashion before starting up the mgserver/daemon proper. It also addresses #581.

This is important for security when MapGuide is used within a container (eg. Docker) or an automated environment provisioning context where being able to programmatically change passwords for built-in users from their designated defaults is currently cumbersome as the Site Administrator requires manual operation and the only known way to programmatically change the password is through MgSite, but using this API requires a running mgserver and thus requires coordinating the server to be online first before being able to use this particular API.

A small side-effect of changing passwords using this approach is that it will blank out other properties of the user, such as its user name (not related to its user id) and description. To preserve such information, we would have to first call EnumerateUsers and manually parse the XML response for the matching user and call UpdateUser with the new password and the preserved user information. This information is inconsequential in the grand scheme so having it blanked out through this setpwd command is deemed by me to be an acceptable trade-off for simplicity of the implementation.

comment:4 by jng, 5 years ago

Resolution: fixed
Status: newclosed
Note: See TracTickets for help on using tickets.