dev@glassfish.java.net

Re: anonymous admin login

From: Sathyan Catari <Sathyan.Catari_at_Sun.COM>
Date: Fri, 11 Sep 2009 13:02:22 -0700

I have checked in the installer changes to take care of the following.
This should also make sure that the installer is not broken till the time
all of the changes are in.

a). Remove "Anonymous" option from installer UI.

b). Default admin username field to "admin".

c). Change the text on the admin configuration panel to include the
following: "Please provide username and password for the server. You may
leave the password field empty if you would like to configure the server
for unauthenticated logins." I will rephrase it as fit later.

d). Currently password field cannot be null and installer creates domain
with --passwordfile.

Once your changes are checked in, I will take care of the following

a). Allow zero-length password.

b). Create domain with --nopassword option for zero-length passwords.

Thanks
Sathyan

Bill Shannon wrote:
> Needless to say, I never use the installer. :-)
>
> Yes, the installer should probably remove the concept of "anonymous",
> but it might want to offer a similar choice - default admin user with
> no password, or you specify the admin user (default "admin") and
> password.
> An interesting question is whether it would be better to just display
> username and password fields, with the username pre-filled in with
> "admin" and the password field empty, and just let people click "ok".
>
> Let me know if there's anything I can do to help you update the
> installer. If you want me to wait on these changes until you're
> further along, let me know.
>
>
> Sathyan Catari wrote on 09/09/09 16:35:
>> Thanks for the heads up Bill, this would also require changes in the
>> installer to remove "anonymous" option and our changes need to be
>> synced up.
>>
>> -Sathyan
>>
>> Bill Shannon wrote:
>>> We've been struggling with a number of issues related to anonymous
>>> admin login, such as:
>>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=8673
>>>
>>> It's been unclear how the transition from anonymous login to
>>> authenticated login should work.
>>>
>>> It's also the case that if you send incorrect credentials to a
>>> domain that's configured for anonymous login, it will accept them,
>>> which can hide configuration errors.
>>>
>>>
>>> Several of us discussed these issues offline and we decided to simplify
>>> all of this. Here's what we'll do...
>>>
>>> We'll remove the "anonymous" user. Instead, there will be a default
>>> admin user named "admin" with no password.
>>>
>>> If there's exactly one admin user (whatever the name), with no
>>> password, unauthenticated login will be allowed. The admin GUI will
>>> send you to the main page without you needing to type anything to the
>>> login page. For the admin CLI, if you don't specify a --user option,
>>> it will send requests with no authentication information, which will
>>> be accepted in this case. If you specify a user name, it must be the
>>> correct user name with the correct (by default empty) password.
>>>
>>> When creating a new domain you can choose the name of the admin user
>>> (or use the default). You can also specify a --nopassword option and
>>> you won't be prompted for a password for the admin user (avoiding the
>>> need to provide a password file for scripts that create such domains).
>>>
>>> An important aspect of this change is that creating a domain with
>>> "--user anonymous" is no longer special; you'll be required to specify
>>> a password using a password file, or use the --nopassword option.
>>> There's nothing special about the user name "anonymous", and you
>>> probably shouldn't be using that user name anymore.
>>>
>>> The transition to an authenticated domain is easy - simply assign a
>>> password to the admin user.
>>>
>>>
>>> I'll be committing this change later this week. Changes to the
>>> quicklook tests will be included. Likely other tests will need to be
>>> updated to accommodate these changes, in particular to remove any use
>>> of the user name "anonymous".
>>>
>>> Let me know if you have any questions.
>>>
>>> ---------------------------------------------------------------------
>>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>>
>>>
>>
>>
>>
>
>
>
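
The admin login rule described in the quoted proposal, next to the older behaviour it replaces, as an added Python model that is not part of the original thread and is not GlassFish code. The function names, the plain-text password map and the treatment of domains with more than one admin user are assumptions made for illustration.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass(frozen=True)
class Credentials:
    user: str
    password: str = ""


# Model only: admin user name -> password ("" means no password).
# A real credential store would hold salted hashes, not plain text.
AdminUsers = Dict[str, str]


def unauthenticated_allowed(admins: AdminUsers) -> bool:
    """Rule from the thread: exactly one admin user, and it has no password."""
    return len(admins) == 1 and all(pw == "" for pw in admins.values())


def login_ok(admins: AdminUsers, creds: Optional[Credentials]) -> bool:
    """Proposed behaviour. creds is None when the client sent no auth info."""
    if creds is None:
        return unauthenticated_allowed(admins)
    stored = admins.get(creds.user)
    if stored is None:
        return False  # unknown name (including "anonymous") is rejected
    # Supplied credentials must match, even when the password is empty.
    return hmac.compare_digest(stored.encode(), creds.password.encode())


def legacy_login_ok(anonymous_domain: bool, admins: AdminUsers,
                    creds: Optional[Credentials]) -> bool:
    """Older behaviour described in the thread: an anonymous domain accepts
    whatever it is sent, so a wrong password goes unnoticed."""
    if anonymous_domain:
        return True
    return creds is not None and login_ok(admins, creds)


if __name__ == "__main__":
    default_domain = {"admin": ""}          # constructed sample domains
    secured_domain = {"admin": "s3cret"}
    wrong = Credentials("admin", "typo")
    print("legacy accepts wrong creds:", legacy_login_ok(True, default_domain, wrong))
    print("new rule accepts wrong creds:", login_ok(default_domain, wrong))
    print("no creds, default domain:", login_ok(default_domain, None))
    print("no creds, after password set:", login_ok(secured_domain, None))
```
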