This page configures the various options related to Passwords, the Master password, and Password policies.


User passwords may be changed in the Users dialog box accessed from the Users, Groups, Roles page.

Active master password provider

This option sets the active master password provider, via a list of all available master password providers.


Active master password provider

To change the master password click the Change password link.


Changing the master password


First thing to do as an Administrator of the System, would be to dump the Master Password generated by GeoServer, store it somewhere not accessible by anyone, and delete any security/ or whatever file you used to dump the password in clear.

Master Password Providers

This section provides the options for adding, removing, and editing master password providers.


Master password provider list


By default the login to Admin GUI and REST APIs with Master Password is disabled. In order to enable it you will need to manually change the Master Password Provider config.xml, usually located into security/masterpw/default/config.xml, by adding the following statement:


Password policies

This section configures the various Password policies available to users in GeoServer. New password policies can be added or renamed, and existing policies edited or removed.

By default there are two password policies in effect, default and master. The default password policy, intended for most GeoServer users, does not have any active password constraints. The master password policy, intended for the Root account, specifies a minimum password length of eight characters. Password policies are applied to users via the user/group service.


List of password policies

Clicking an existing policy enables editing, while clicking the Add new button will create a new password policy.


Creating a new password policy