[AAA-156] old password still works after changing password Created: 22/Dec/17  Updated: 06/Jan/18  Resolved: 06/Jan/18

Status: Resolved
Project: aaa
Component/s: General
Affects Version/s: None
Fix Version/s: None

Type: Bug Priority: Medium
Reporter: Jamo Luhrsen Assignee: Unassigned
Resolution: Duplicate Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

after using the karaf cli to change the password which works, I also noticed the old password
still works.

quick repro:

access restconf with default admin/admin credentials

curl -u "admin:admin" http://localhost:8181/restconf/streams
{"streams":{}}

change password (to admin123) in karaf console

opendaylight-user@root>aaa:change-user-pwd -user admin
Enter current password:
Enter new password:
admin's password has been changed
opendaylight-user@root>

you can see that both the new password and old password still work

curl -u "admin:admin" http://localhost:8181/restconf/streams
{"streams":{}}

curl -u "admin:admin123" http://localhost:8181/restconf/streams
{"streams":{}}

 Comments   
Comment by Evan Zeller [ 06/Jan/18 ]

jluhrsen Hey Jamo, I am unable to reproduce this on stable/nitrogen can you double check the installed features for restconf-noauth or similar?

Comment by Jamo Luhrsen [ 06/Jan/18 ]

evanz Yeah Evan, I just pulled down a recent SNAPSHOT distro from the nitro branch and I don't see this
happening there. I can reproduce it with the released nitro SR1 though. I wonder what came in to fix it?

Comment by Evan Zeller [ 06/Jan/18 ]

Looks like it was fixed here: AAA-151

Comment by Jamo Luhrsen [ 06/Jan/18 ]

yep. I forgot about that issue, but I remember seeing it when it came in.  Thanks Evan. I'll close this one.

Generated at Wed Feb 07 19:08:47 UTC 2024 using Jira 8.20.10#820010-sha1:ace47f9899e9ee25d7157d59aa17ab06aee30d3d.