Passwords

This page configures the various options related to Passwords, the Master password, and Password policies.

Note

User passwords may be changed in the Users dialog box accessed from the Users, Groups, Roles page.

Active master password provider

This option sets the active master password provider, via a list of all available master password providers.

../../_images/passwd_activemaster.png

Active master password provider

To change the master password click the Change password link.

../../_images/passwd_changemaster.png

Changing the master password

Warning

First thing to do as an Administrator of the System, would be to dump the Master Password generated by GeoServer, store it somewhere not accessible by anyone, and delete any security/masterpw.info or whatever file you used to dump the password in clear.

Master Password Providers

This section provides the options for adding, removing, and editing master password providers.

../../_images/passwd_masterprovider.png

Master password provider list

Note

By default the login to Admin GUI and REST APIs with Master Password is disabled. In order to enable it you will need to manually change the Master Password Provider config.xml, usually located into security/masterpw/default/config.xml, by adding the following statement:

``<loginEnabled>true</loginEnabled>``

Password policies

This section configures the various Password policies available to users in GeoServer. New password policies can be added or renamed, and existing policies edited or removed.

By default there are two password policies in effect, default and master. The default password policy, intended for most GeoServer users, does not have any active password constraints. The master password policy, intended for the Root account, specifies a minimum password length of eight characters. Password policies are applied to users via the user/group service.

../../_images/passwd_policies.png

List of password policies

Clicking an existing policy enables editing, while clicking the Add new button will create a new password policy.

../../_images/passwd_newpolicy.png

Creating a new password policy