View Issue Details

IDProjectCategoryView StatusLast Update
0009379mantisbtinstallationpublic2015-12-21 13:39
Reportermarc Assigned To 
PrioritynormalSeveritytextReproducibilityalways
Status acknowledgedResolutionopen 
Product Version1.1.2 
Summary0009379: Mention the default user/password after fresh installation
Description

After a sucessfull fresh installation, it says on admin/install.php:

Install was successful.
Continue to log into Mantis.

After clicking on Continue, you are redirectede to the login screen and have no clue how to login now.

It should mention the default user/password combination of administrator/root on the Install page.

TagsNo tags attached.

Activities

giallu

giallu

2008-07-12 17:59

reporter   ~0018380

Actually, I have heard too much times the question "what is the default login/password after installation?"

We probably need to add this info to the warning message we have now:

You should disable the default "administrator" account or change its password.

vboctor

vboctor

2008-07-13 02:31

manager   ~0018384

You may be right, since this will force the administrator to really go and change the password. However, the more conservative option is to show it on the installation page (big font).

crtlbreak

crtlbreak

2015-12-13 07:55

reporter   ~0052117

I know this is two years later - after successful install make the admin account login (auto or manual) with a forced password change of admin account.
Then force a once only create new account followed by disable of admin account after new account creation.
or is that too locked down? (or complex?)

dregad

dregad

2015-12-13 17:41

developer   ~0052120

I think it would be difficult, once logged in, to force the the admin to create another user account.

Probably a better and simpler approach would be to request the admin account's ID and password in the installer, and never create administrator / root in the first place.

vboctor

vboctor

2015-12-14 12:01

manager   ~0052121

Option 1: I agree that including setting the default username / password in the installer would be a good thing. It will make sure that the user sets such name and password and that each instance will have a unique username for such administrator.

Option 2: About a year ago I implemented 0016477 which redirects user to their account page and asks them to change their password after login. If we log the user in as part of installation, then clicking on the link to go to Mantis, can take them directly to change password page within the core product.

Option 3: In the meantime, if we want a simple least change approach, we can show username / password when administrator default username/password are valid and # of issues in the database is 0. Extra query, but only if admin/root is enabled.

I pretty much like these options in the order they are listed.

crtlbreak

crtlbreak

2015-12-14 13:02

reporter   ~0052122

Option 1 is the best option - it also doesnt enforce any types of specific design rules on the users.

br8kwall

br8kwall

2015-12-20 22:02

reporter   ~0052150

+1 on any of the options above. I've been using Mantis for many years and every time I do an install I need to Google the default admin username and password. This must be really confusing to new folks.

atrol

atrol

2015-12-21 13:39

developer   ~0052156

I need to Google the default admin username and password

Or read the manual
https://www.mantisbt.org/docs/master-1.2.x/en/administration_guide.html#ADMIN.INSTALL.POSTINSTALL