Bug 1010965

Summary: DTGov/Overlord Username/password entry
Product: [JBoss] JBoss Fuse Service Works 6
Component: Installer
Version: 6.0.0 GA
Status: CLOSED CURRENTRELEASE
Severity: high
Priority: unspecified
Target Milestone: ER4
Hardware: Unspecified
OS: Unspecified
Type: Bug
Doc Type: Bug Fix
Reporter: Nick Cross <ncross>
Assignee: Thomas Hauser <thauser>
QA Contact: Len DiMaggio <ldimaggi>
CC: eric.wittmann, sbunciak, soa-p-jira

Description Nick Cross 2013-09-23 12:02:36 UTC
Currently the default password is masked out (so the user has no idea what the default is) but then it is revealed in later screens.

After speaking to Eric and showing him the installer, he had the following feedback on the DTGov username/password entry:
"
1. Remove the default value in the RTGov password entry field.
2. Don't allow them to change the username. Or if you do, then the following would also need to be updated overlord-idp-roles.properties (it already has an admin entry), dtgov.properties (it would need an admin entry).
"

Comment 2 Eric Wittmann 2013-09-24 14:55:41 UTC
For #1 - I just don't think there should be a default password in the installer.  The whole reason for prompting the user is to *not* have any sort of common default that could provide an attack vector against EAP.

For #2 - I suggest we remove the 'admin' input field or else mark it as read-only (easier??).  Allowing the user to change the admin username is something we can do after the beta release.  Note that we're going to be making all sorts of changes in this area for FSW 6 post-beta *anyway*.

So, I recommend that the installer simply prompt the user for an admin password, without letting the user change the name of the admin user.  The installer must then store that password in the following places:

overlord-idp-users.properties (1 property)
-----------------------------
  admin=**pwd**


dtgov.properties (3 properties)
----------------
  sramp.repo.password=**pwd**
  governance.bpm.password=**pwd**
  governance.password=**pwd**


dtgov-sramp-seed-data-cli-commands.txt
--------------------------------------
# Need to replace "overlord" in this file with **pwd**

Comment 3 Thomas Hauser 2013-09-24 17:33:25 UTC
Fixed with http://git.app.eng.bos.redhat.com/?p=jbossas-installer.git;a=commit;h=f3ecbef

Behavior is exactly what Eric describes in his comment.
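
A post-install check for the layout Comment 2 describes, as an added example that is not part of the bug report or the installer's code: it verifies that the four password properties are set, agree with each other, and that "overlord" no longer appears in the seed-data file. The file and property names come from Comment 2; the parser, the sample contents, and rejecting "overlord" as a property value are assumptions of this example.

```python
import re

# File and property names come from Comment 2. Treating "overlord" as the value
# to reject in the .properties files as well is an assumption of this example.
EXPECTED = {
    "overlord-idp-users.properties": ["admin"],
    "dtgov.properties": ["sramp.repo.password", "governance.bpm.password",
                         "governance.password"],
}
SEED_FILE = "dtgov-sramp-seed-data-cli-commands.txt"
PLACEHOLDER = "overlord"

def parse_properties(text):
    """Minimal key=value parser (assumes no line continuations or escapes)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith(("#", "!")):
            props[key.strip()] = value.strip()
    return props

def audit(files):
    """files maps file name -> content; returns findings (empty list = clean)."""
    findings, seen = [], set()
    for name, keys in EXPECTED.items():
        props = parse_properties(files.get(name, ""))
        for key in keys:
            value = props.get(key)
            if not value:
                findings.append(f"{name}: {key} is missing or empty")
            elif value == PLACEHOLDER:
                findings.append(f"{name}: {key} is still '{PLACEHOLDER}'")
            else:
                seen.add(value)
    if len(seen) > 1:
        findings.append("password properties do not all hold the same value")
    if re.search(rf"\b{PLACEHOLDER}\b", files.get(SEED_FILE, "")):
        findings.append(f"{SEED_FILE}: '{PLACEHOLDER}' was not replaced")
    return findings

SAMPLE = {  # constructed input: one property and the seed file left untouched
    "overlord-idp-users.properties": "admin=S3t-by-installer\n",
    "dtgov.properties": "sramp.repo.password=S3t-by-installer\n"
                        "governance.bpm.password=overlord\n"
                        "governance.password=S3t-by-installer\n",
    SEED_FILE: "example-command --password overlord\n",  # constructed line
}
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```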