Feature #3272
Separate internal admin account from user admin accounts
Description
Currently we install a default "admin" account which is used both for internal+anonymous actions, and the first user's login. This account can't be deleted as we need it for the former.
This use should be separated by hiding the internal admin account, then have the user either set up a new account for themselves during installation or first access.
We can then permit the user to delete all but one admin accounts (and except our hidden one).
Related issues
Associated revisions
fixes #3272 - allow 'admin' account to be removed and replaced
refs #3272 - pass admin user details into db:seed rake task
refs #3272 - print new user/password after installation
History
#1
Updated by Anonymous over 9 years ago
- Target version set to 1.10.0
#2
Updated by Dominic Cleal over 9 years ago
Updated by This must include having a user-selected or randomised password for the first admin account.
#3
Updated by Dominic Cleal over 9 years ago
- Related to Feature #3725: Make default root password more explicit and configurable at install time added
#4
Updated by Dominic Cleal over 9 years ago
- Status changed from New to Assigned
- Assignee set to Dominic Cleal
#5
Updated by Dominic Cleal over 9 years ago
- Blocked by Refactor #3752: Move all data addition in DB migrations into a seed script added
#6
Updated by Dominic Cleal over 9 years ago
- Target version changed from 1.10.0 to 1.9.3
#7
Updated by Dominic Cleal over 9 years ago
I requested some feedback on foreman-dev to work out how the first user account should be populated:
https://groups.google.com/forum/#!topic/foreman-dev/8v53KusW_gw
The consensus seemed to be:
- accept the initial admin password as an installer parameter, allowing it to be specified on the command line and answers file
- randomise the admin password if it's not given, and force the user to reset it on first login
- print the admin password after install
#8
Updated by Anonymous about 9 years ago
- Target version deleted (
1.9.3)
#9
Updated by Benjamin Papillon about 9 years ago
Updated by - Related to Bug #2108: Cannot delete or rename admin user via GUI added
#10
Updated by Dominic Cleal about 9 years ago
- Related to Feature #2128: There should be a post-installation screen to setup the initial username and password when login is enabled added
#11
Updated by Anonymous about 9 years ago
- Target version set to 1.9.0
#12
Updated by Dominic Cleal almost 9 years ago
This is in progress on https://github.com/domcleal/foreman/tree/3272-admin-account, and I hope to have it up for review in sprint 22.
The main areas still to work on are: randomising the admin password via the installer and the db:seed script, ensuring admin-enabled user groups interact properly with the changes, and possibly a forced password change when the randomised password is first used.
#13
Updated by Dominic Cleal almost 9 years ago
- Target version changed from 1.9.0 to 1.8.4
#14
Updated by Dominic Cleal almost 9 years ago
- Target version changed from 1.8.4 to 1.8.3
#15
Updated by Dominic Cleal almost 9 years ago
Please merge in the following order.
Hammer related PRs to support change of default password:
https://github.com/theforeman/hammer-cli-foreman/pull/117https://github.com/theforeman/puppet-foreman/pull/192https://github.com/theforeman/foreman-installer/pull/117
Core PR:
Installer PRs for seeding:
#16
Updated by Dominic Cleal almost 9 years ago
- Status changed from Assigned to Ready For Testing
#17
Updated by Dominic Cleal almost 9 years ago
End to end test with all PRs applied:
[root@foreman foreman]# foreman-installer
Installing Done [100%] [..............................................]
Success!
* Foreman is running at https://foreman.example.com
Initial credentials are admin / MBDKVR4FCUEUYbiJ
* Foreman Proxy is running at https://foreman.example.com:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman-installer.log
[root@foreman foreman]# hammer user list
---|-------|------------|-----------------
ID | LOGIN | NAME | EMAIL
---|-------|------------|-----------------
3 | admin | Admin User | root@example.com
---|-------|------------|-----------------
[root@foreman foreman]# curl -k -u admin:MBDKVR4FCUEUYbiJ https://foreman.example.com/api/v2/status; echo
{"result":"ok","status":200,"version":"1.6-develop","api_version":2}
#18
Updated by Anonymous almost 9 years ago
- Target version changed from 1.8.3 to 1.8.2
#19
Updated by Anonymous almost 9 years ago
- Target version changed from 1.8.2 to 1.8.1
#20
Updated by Dominic Cleal over 8 years ago
- Legacy Backlogs Release (now unused) set to 10
#21
Updated by Dominic Cleal over 8 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset e07f9a1245e3c88db7cd8031838cefe66988f1fe.
#22
Updated by Dominic Cleal over 8 years ago
- Related to Feature #6586: Allow user-specified password in rake permissions:reset added
#23
Updated by Dominic Cleal over 8 years ago
- Related to Bug #6606: Can't delete a user if there's only one admin account added
#24
Updated by Dominic Cleal over 8 years ago
- Related to Bug #6873: Error during db:seed from 1.4 to 1.6: undefined method `expire_topbar_cache' for nil:NilClass added
#25
Updated by Dominic Cleal over 8 years ago
- Related to Bug #6953: Fix bad internationalization calls in User added
refs #3272 - default password will be going away