Feature #3272
closed
Separate internal admin account from user admin accounts
Added by Dominic Cleal over 10 years ago. Updated almost 6 years ago.
Description
Currently we install a default "admin" account which is used both for internal+anonymous actions, and the first user's login. This account can't be deleted as we need it for the former.
This use should be separated by hiding the internal admin account, then have the user either set up a new account for themselves during installation or first access.
We can then permit the user to delete all but one admin accounts (and except our hidden one).
Updated by Dominic Cleal over 10 years ago
This must include having a user-selected or randomised password for the first admin account.
Updated by Dominic Cleal over 10 years ago
- Related to Feature #3725: Make default root password more explicit and configurable at install time added
Updated by Dominic Cleal over 10 years ago
- Status changed from New to Assigned
- Assignee set to Dominic Cleal
Updated by Dominic Cleal over 10 years ago
- Blocked by Refactor #3752: Move all data addition in DB migrations into a seed script added
Updated by Dominic Cleal over 10 years ago
- Target version changed from 1.10.0 to 1.9.3
Updated by Dominic Cleal over 10 years ago
I requested some feedback on foreman-dev to work out how the first user account should be populated:
https://groups.google.com/forum/#!topic/foreman-dev/8v53KusW_gw
The consensus seemed to be:
- accept the initial admin password as an installer parameter, allowing it to be specified on the command line and answers file
- randomise the admin password if it's not given, and force the user to reset it on first login
- print the admin password after install
Updated by Benjamin Papillon about 10 years ago
- Related to Bug #2108: Cannot delete or rename admin user via GUI added
Updated by Dominic Cleal about 10 years ago
- Related to Feature #2128: There should be a post-installation screen to setup the initial username and password when login is enabled added
Updated by Dominic Cleal about 10 years ago
This is in progress on https://github.com/domcleal/foreman/tree/3272-admin-account, and I hope to have it up for review in sprint 22.
The main areas still to work on are: randomising the admin password via the installer and the db:seed script, ensuring admin-enabled user groups interact properly with the changes, and possibly a forced password change when the randomised password is first used.
Updated by Dominic Cleal about 10 years ago
- Target version changed from 1.9.0 to 1.8.4
Updated by Dominic Cleal about 10 years ago
- Target version changed from 1.8.4 to 1.8.3
Updated by Dominic Cleal about 10 years ago
Please merge in the following order.
Hammer related PRs to support change of default password:
https://github.com/theforeman/hammer-cli-foreman/pull/117https://github.com/theforeman/puppet-foreman/pull/192https://github.com/theforeman/foreman-installer/pull/117
Core PR:
Installer PRs for seeding:
Updated by Dominic Cleal about 10 years ago
- Status changed from Assigned to Ready For Testing
Updated by Dominic Cleal about 10 years ago
End to end test with all PRs applied:
[root@foreman foreman]# foreman-installer
Installing Done [100%] [..............................................]
Success!
* Foreman is running at https://foreman.example.com
Initial credentials are admin / MBDKVR4FCUEUYbiJ
* Foreman Proxy is running at https://foreman.example.com:8443
* Puppetmaster is running at port 8140
The full log is at /var/log/foreman-installer/foreman-installer.log
[root@foreman foreman]# hammer user list
---|-------|------------|-----------------
ID | LOGIN | NAME | EMAIL
---|-------|------------|-----------------
3 | admin | Admin User | root@example.com
---|-------|------------|-----------------
[root@foreman foreman]# curl -k -u admin:MBDKVR4FCUEUYbiJ https://foreman.example.com/api/v2/status; echo
{"result":"ok","status":200,"version":"1.6-develop","api_version":2}
Updated by Anonymous about 10 years ago
- Target version changed from 1.8.3 to 1.8.2
Updated by Anonymous almost 10 years ago
- Target version changed from 1.8.2 to 1.8.1
Updated by Dominic Cleal almost 10 years ago
- translation missing: en.field_release set to 10
Updated by Dominic Cleal almost 10 years ago
- Status changed from Ready For Testing to Closed
- % Done changed from 0 to 100
Applied in changeset e07f9a1245e3c88db7cd8031838cefe66988f1fe.
Updated by Dominic Cleal almost 10 years ago
- Related to Feature #6586: Allow user-specified password in rake permissions:reset added
Updated by Dominic Cleal almost 10 years ago
- Related to Bug #6606: Can't delete a user if there's only one admin account added
Updated by Dominic Cleal almost 10 years ago
- Related to Bug #6873: Error during db:seed from 1.4 to 1.6: undefined method `expire_topbar_cache' for nil:NilClass added
Updated by Dominic Cleal almost 10 years ago
- Related to Bug #6953: Fix bad internationalization calls in User added