[MAGNOLIA-190] Magnolia cease to publish after superuser password change Created: 15/Nov/04  Updated: 18/Nov/04  Resolved: 18/Nov/04

Status: Closed
Project: Magnolia
Component/s: None
Affects Version/s: 2.0 Final
Fix Version/s: None

Type: Bug Priority: Major
Reporter: Massimiliano Segreto Assignee: Sameer Charles
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Linux 2.6.3-7mdk i686
java version "1.4.2_06"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.4.2_06-b03)
Java HotSpot(TM) Client VM (build 1.4.2_06-b03, mixed mode)


Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

Step to replicate the problem

Start author webapp
Start public webapp

In the author instance log in as superuser

1) Add a page, publish it: It works.

2) Go to user, edit superuser, change password, save, activate superuser. log out closing the browser.

3) Login as superuser using the new password, add a page, publish the added page: It does NOT work anymore

Workaround.

It seems that as soon as you change the superuser pwd, the superuser account cannot publish himself and the pages because its instance on author an the one on public webapp are not in sync.

To avoid the problem you must create another user account with all the privilege like superuser and publish it BEFORE the superuser pwd change.

In this way you can change the pwd on superuser, log in as the "NewUserWithAllPriv" and using this user account still working you could activate the superuser account and its new password



 Comments   
Comment by Sameer Charles [ 18/Nov/04 ]

sure,
that's an expected behaviour. user credentials must match on the receiver end, otherwise any application
could post content without authorization.

may be we should deliver more than just one superuser.

Comment by Massimiliano Segreto [ 18/Nov/04 ]

Adding a second superuser is useful, but the most important thing IMHO is to warn about the correct superuser change pwd procedure in the install readme file.

I was evaluating M2.0 with some collaborators. To do this I deployed M2.0 on a public server and the first action i did (and anyone would do) to secure M2.0 is to change the standard superuser pwd, causing the problem.

Comment by Sameer Charles [ 18/Nov/04 ]

agree,
I propose to start a issue list on wiki so we wont miss anything for next release.
ll setup a page and post on dev/user lists

Comment by Sameer Charles [ 18/Nov/04 ]

http://www.magnolia.info/wiki/Edit.jsp?page=Issues+%2F+FAQ

Comment by Sameer Charles [ 18/Nov/04 ]

http://www.magnolia.info/wiki/Wiki.jsp?page=IssuesAndFAQ

Generated at Mon Feb 12 03:14:59 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.