[AAA-1] Default admin credentials are very dangerous from a security perspective Created: 07/Apr/14 Updated: 21/Mar/19 Resolved: 16/Dec/15 |
|
| Status: | Resolved |
| Project: | aaa |
| Component/s: | General |
| Affects Version/s: | None |
| Fix Version/s: | None |
| Type: | Bug | ||
| Reporter: | David Jorm | Assignee: | Unassigned |
| Resolution: | Won't Do | Votes: | 0 |
| Labels: | None | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Environment: |
Operating System: Linux |
||
| External issue ID: | 668 |
| Description |
|
Opendaylight has default admin credentials (admin/admin). This is dangerous from a security perspective, as many users will never change the defaults. Users should be prompted to set the default admin password at install time. |
| Comments |
| Comment by Tony Tkacik [ 26/May/15 ] |
|
Moving to aaa, since config uses aaa for credentials management. |
| Comment by Wojciech Dec [ 18/Jun/15 ] |
|
AFAIK there is no installer for Opendaylight, beyond the tar-ball. Bottom line: This appears to be a good feature request for an ODL installer project, and not an AAA bug. |
| Comment by Ryan Goulding [ 15/Dec/15 ] |
|
This falls under the realm of an installer project. There is no sane way to do this as part of the AAA project. |
| Comment by Daniel Farrell [ 16/Dec/15 ] |
|
The closest thing ODL upstream has to an installer atm are the deployment tools provided by Integration/Packaging. I'm not sure we could "prompt" the user at install time, but we might be able to expose the defaults to higher layers where they are more likely to get attention. https://wiki.opendaylight.org/view/Deployment |