Currently the default password is masked out (so the user has no idea what the default is) but then it is revealed in later screens. After speaking to Eric and showing him the installer he had the following feedback on the DTGov username/password entry:

"
1. Remove the default value in the RTGov password entry field.
2. Don't allow them to change the username. Or if you do, then the following would also need to be updated overlord-idp-roles.properties (it already has an admin entry), dtgov.properties (it would need an admin entry).
"
For #1 - I just don't think there should be a default password in the installer. The whole reason for prompting the user is to *not* have any sort of common default that could provide an attack vector against EAP.

For #2 - I suggest we remove the 'admin' input field or else mark it as read-only (easier??). Allowing the user to change the admin username is something we can do after the beta release. Note that we're going to be making all sorts of changes in this area for FSW 6 post-beta *anyway*.

So, I recommend that the installer simply prompt the user for an admin password, without letting the user change the name of the admin user. The installer must then store that password in the following places:

overlord-idp-users.properties (1 property)
-----------------------------
admin=**pwd**

dtgov.properties (3 properties)
----------------
sramp.repo.password=**pwd**
governance.bpm.password=**pwd**
governance.password=**pwd**

dtgov-sramp-seed-data-cli-commands.txt
--------------------------------------
# Need to replace "overlord" in this file with **pwd**
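The storage step listed in the comment above, sketched as an added example that is not part of the original comment and not the installer's own code. The function names, the sample file contents, the refusal of the old "overlord" value, the properties escaping and the owner-only file mode are all assumptions made for illustration.

```python
import os
import tempfile
from pathlib import Path

# File -> keys that hold the admin password (list taken from the comment above).
TARGETS = {"overlord-idp-users.properties": ["admin"],
           "dtgov.properties": ["sramp.repo.password", "governance.bpm.password",
                                "governance.password"]}
SEED_FILE = "dtgov-sramp-seed-data-cli-commands.txt"
OLD_DEFAULT = "overlord"  # assumed: the placeholder password in the seed file
# Constructed sample inputs for demo(); not the real files' contents.
SAMPLES = {"overlord-idp-users.properties": "admin=overlord\n",
           "dtgov.properties": "# sample\ngovernance.password=overlord\n",
           SEED_FILE: "login admin overlord\n"}

def escape_value(value):
    # Java .properties escaping: backslash, leading space, non-ASCII as \uXXXX.
    out = ("\\" if value.startswith(" ") else "") + value.replace("\\", "\\\\")
    return "".join(c if " " <= c <= "~" else "\\u%04x" % ord(c) for c in out)

def set_property(path, key, value):  # replace the key's line in place, else append
    lines = path.read_text(encoding="latin-1").splitlines()
    new_line, found = f"{key}={escape_value(value)}", False
    for i, line in enumerate(lines):
        if not line.lstrip().startswith(("#", "!")) and line.split("=", 1)[0].strip() == key:
            lines[i], found = new_line, True
    if not found:
        lines.append(new_line)
    path.write_text("\n".join(lines) + "\n", encoding="latin-1")

def apply_admin_password(conf_dir, password):  # no default: caller must prompt
    if (not password or password == OLD_DEFAULT
            or any(not 0x20 <= ord(c) <= 0xFFFF or ord(c) == 0x7F for c in password)):
        raise ValueError("password must be non-empty, not the old default, no control chars")
    for name, keys in TARGETS.items():
        for key in keys:
            set_property(Path(conf_dir, name), key, password)
    seed = Path(conf_dir, SEED_FILE)
    seed.write_text(seed.read_text().replace(OLD_DEFAULT, password))
    for name in [*TARGETS, SEED_FILE]:
        os.chmod(Path(conf_dir, name), 0o600)  # plaintext secrets: owner-only
    return [*TARGETS, SEED_FILE]

def demo():  # runs against the constructed samples in a temp directory
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLES.items():
            Path(d, name).write_text(text)
        apply_admin_password(d, "S3cret\\pw")
        return {n: Path(d, n).read_text() for n in SAMPLES}
```

The backslash in the sample password is doubled in the two .properties files but written raw into the seed file, which is why one plain search-and-replace across all three files would not be enough.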
Fixed with http://git.app.eng.bos.redhat.com/?p=jbossas-installer.git;a=commit;h=f3ecbef

Behavior is exactly what Eric describes in his comment.