Discussion:
Archiva 2.2.x, resetting password
Thad Humphries
2016-08-16 17:25:41 UTC
Permalink
Despite earlier efforts to get Archiva to stop requiring password reset,
it's done it again. Now neither user nor admin can get in and the "Reset
Password" button seems to do nothing.

How can I clear the old passwords and reset the admin and users? Or (as
done at least once before) must I blow it all away an reinstall?

Can't this "feature" be disable? There is *at most* only two of using this.
--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v. 121-24)
Jörg Schaible
2016-08-16 22:32:05 UTC
Permalink
Hi Thad,
Post by Thad Humphries
Despite earlier efforts to get Archiva to stop requiring password reset,
it's done it again. Now neither user nor admin can get in and the "Reset
Password" button seems to do nothing.
How can I clear the old passwords and reset the admin and users? Or (as
done at least once before) must I blow it all away an reinstall?
Can't this "feature" be disable? There is *at most* only two of using this.
I had also a very annoying fight with this and I am only one. I found
finally a location to turn the expiration off (at least I hope so):

================ %< ===============
$ sudo cat /var/lib/archiva/security.properties
security.policy.password.previous.count=0
security.policy.password.expiration.enabled=false
================ %< ===============

However, I was in the same situation as you and I finally created a new DB
for the Archiva users, configured Archiva to use that one instead and let it
recreate an admin and guest user (note, you have to turn off password
expiration before). Then I exported the two JDOUSER* tables, dropped
anything in these tables of the original DB and imported the data. After
that I configured Archiva to use the original User DB again. Now I could
login as admin again and was able to recreated my user.

Note: Always shut down Tomcat before you change something in the DB.

Hope this works for you also.

Cheers,
Jörg
Thad Humphries
2016-08-16 23:08:16 UTC
Permalink
Thanks. I tried something similar before (see
http://www.mail-archive.com/***@archiva.apache.org/msg02910.html) by
creating a ~/.m2/security.properties file, but I set
security.policy.password.previous.count to -1. Maybe zero will work for me
this time.

Frankly, I'm not familiar enough with the nits of Archiva administration to
follow you on your fix. I am not running Archiva under Tomcat but simply
starting it on port 8080:

$ cd /opt/apache-archiva-2.2.0
$ nohup bin/archiva console start &

I may be stuck rebuilding it (or switching to Nexus).
Post by Jörg Schaible
Hi Thad,
Post by Thad Humphries
Despite earlier efforts to get Archiva to stop requiring password reset,
it's done it again. Now neither user nor admin can get in and the "Reset
Password" button seems to do nothing.
How can I clear the old passwords and reset the admin and users? Or (as
done at least once before) must I blow it all away an reinstall?
Can't this "feature" be disable? There is *at most* only two of using this.
I had also a very annoying fight with this and I am only one. I found
================ %< ===============
$ sudo cat /var/lib/archiva/security.properties
security.policy.password.previous.count=0
security.policy.password.expiration.enabled=false
================ %< ===============
However, I was in the same situation as you and I finally created a new DB
for the Archiva users, configured Archiva to use that one instead and let it
recreate an admin and guest user (note, you have to turn off password
expiration before). Then I exported the two JDOUSER* tables, dropped
anything in these tables of the original DB and imported the data. After
that I configured Archiva to use the original User DB again. Now I could
login as admin again and was able to recreated my user.
Note: Always shut down Tomcat before you change something in the DB.
Hope this works for you also.
Cheers,
Jörg
--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v. 121-24)
Thad Humphries
2016-08-16 23:41:50 UTC
Permalink
Okay, I finally found the reset messages and I'm back with new passwords.
I've also changed security.policy.password.previous.count to 0 and
restarted. We'll see in another 90 or 180 days.

Very odd, though: When I login as admin, the login dialog does not
disappear. I have reload the page before I see my admin menu options.
Thanks. I tried something similar before (see http://www.mail-archive.
~/.m2/security.properties file, but I set security.policy.password.previous.count
to -1. Maybe zero will work for me this time.
Frankly, I'm not familiar enough with the nits of Archiva administration
to follow you on your fix. I am not running Archiva under Tomcat but
$ cd /opt/apache-archiva-2.2.0
$ nohup bin/archiva console start &
I may be stuck rebuilding it (or switching to Nexus).
Post by Jörg Schaible
Hi Thad,
Post by Thad Humphries
Despite earlier efforts to get Archiva to stop requiring password reset,
it's done it again. Now neither user nor admin can get in and the "Reset
Password" button seems to do nothing.
How can I clear the old passwords and reset the admin and users? Or (as
done at least once before) must I blow it all away an reinstall?
Can't this "feature" be disable? There is *at most* only two of using this.
I had also a very annoying fight with this and I am only one. I found
================ %< ===============
$ sudo cat /var/lib/archiva/security.properties
security.policy.password.previous.count=0
security.policy.password.expiration.enabled=false
================ %< ===============
However, I was in the same situation as you and I finally created a new DB
for the Archiva users, configured Archiva to use that one instead and let it
recreate an admin and guest user (note, you have to turn off password
expiration before). Then I exported the two JDOUSER* tables, dropped
anything in these tables of the original DB and imported the data. After
that I configured Archiva to use the original User DB again. Now I could
login as admin again and was able to recreated my user.
Note: Always shut down Tomcat before you change something in the DB.
Hope this works for you also.
Cheers,
Jörg
--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v. 121-24)
--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v. 121-24)
Jörg Schaible
2016-08-17 17:54:00 UTC
Permalink
Hi Thad,
Post by Thad Humphries
Okay, I finally found the reset messages and I'm back with new passwords.
I've also changed security.policy.password.previous.count to 0 and
restarted. We'll see in another 90 or 180 days.
It seems that the setting in the security.properties will have no effect on
already existing passwords. It is a flag in the JDOUSER table. However, you
cannot manually change this flag (I've tried), because it has influence on
the password's hash value. You can inspect the data record now, if tghe
value is 0, your password should not expire.
Post by Thad Humphries
Very odd, though: When I login as admin, the login dialog does not
disappear. I have reload the page before I see my admin menu options.
Thanks. I tried something similar before (see http://www.mail-archive.
~/.m2/security.properties file, but I set
security.policy.password.previous.count to -1. Maybe zero will work for
me this time.
Frankly, I'm not familiar enough with the nits of Archiva administration
to follow you on your fix. I am not running Archiva under Tomcat but
$ cd /opt/apache-archiva-2.2.0
$ nohup bin/archiva console start &
I may be stuck rebuilding it (or switching to Nexus).
Actually I was tempted to switch to Nexus also.

Cheers,
Jörg
Olivier Lamy
2016-08-18 01:45:41 UTC
Permalink
Post by Thad Humphries
Thanks. I tried something similar before (see
creating a ~/.m2/security.properties file, but I set
security.policy.password.previous.count to -1. Maybe zero will work for me
this time.
Frankly, I'm not familiar enough with the nits of Archiva administration to
follow you on your fix. I am not running Archiva under Tomcat but simply
$ cd /opt/apache-archiva-2.2.0
$ nohup bin/archiva console start &
I may be stuck rebuilding it (or switching to Nexus).
mvn clean install -DskipTests
This doesn't work?
We will be definitely very happy to have more people to help (fixing issues
etc...)
Yup that's an open source project which doesn't any company supporting it
so it relies on contributor spare time.
Personally I have a very limited one ATM.
I'm pretty sure if you provide patches or pull request you will quickly
gain commit karma.

Cheers
Olivier
Post by Thad Humphries
Post by Jörg Schaible
Hi Thad,
Post by Thad Humphries
Despite earlier efforts to get Archiva to stop requiring password
reset,
Post by Jörg Schaible
Post by Thad Humphries
it's done it again. Now neither user nor admin can get in and the
"Reset
Post by Jörg Schaible
Post by Thad Humphries
Password" button seems to do nothing.
How can I clear the old passwords and reset the admin and users? Or (as
done at least once before) must I blow it all away an reinstall?
Can't this "feature" be disable? There is *at most* only two of using this.
I had also a very annoying fight with this and I am only one. I found
================ %< ===============
$ sudo cat /var/lib/archiva/security.properties
security.policy.password.previous.count=0
security.policy.password.expiration.enabled=false
================ %< ===============
However, I was in the same situation as you and I finally created a new
DB
Post by Jörg Schaible
for the Archiva users, configured Archiva to use that one instead and let it
recreate an admin and guest user (note, you have to turn off password
expiration before). Then I exported the two JDOUSER* tables, dropped
anything in these tables of the original DB and imported the data. After
that I configured Archiva to use the original User DB again. Now I could
login as admin again and was able to recreated my user.
Note: Always shut down Tomcat before you change something in the DB.
Hope this works for you also.
Cheers,
Jörg
--
"Hell hath no limits, nor is circumscrib'd In one self-place; but where we
are is hell, And where hell is, there must we ever be" --Christopher
Marlowe, *Doctor Faustus* (v. 121-24)
--
Olivier Lamy
http://twitter.com/olamy | http://linkedin.com/in/olamy
Loading...