View Issue Details

IDProjectCategoryView StatusLast Update
0009379mantisbtinstallationpublic2015-12-21 13:39
Reportermarc Assigned To 
Status acknowledgedResolutionopen 
Product Version1.1.2 
Summary0009379: Mention the default user/password after fresh installation

After a sucessfull fresh installation, it says on admin/install.php:

Install was successful.
Continue to log into Mantis.

After clicking on Continue, you are redirectede to the login screen and have no clue how to login now.

It should mention the default user/password combination of administrator/root on the Install page.

TagsNo tags attached.




2008-07-12 17:59

reporter   ~0018380

Actually, I have heard too much times the question "what is the default login/password after installation?"

We probably need to add this info to the warning message we have now:

You should disable the default "administrator" account or change its password.



2008-07-13 02:31

manager   ~0018384

You may be right, since this will force the administrator to really go and change the password. However, the more conservative option is to show it on the installation page (big font).



2015-12-13 07:55

reporter   ~0052117

I know this is two years later - after successful install make the admin account login (auto or manual) with a forced password change of admin account.
Then force a once only create new account followed by disable of admin account after new account creation.
or is that too locked down? (or complex?)



2015-12-13 17:41

developer   ~0052120

I think it would be difficult, once logged in, to force the the admin to create another user account.

Probably a better and simpler approach would be to request the admin account's ID and password in the installer, and never create administrator / root in the first place.



2015-12-14 12:01

manager   ~0052121

Option 1: I agree that including setting the default username / password in the installer would be a good thing. It will make sure that the user sets such name and password and that each instance will have a unique username for such administrator.

Option 2: About a year ago I implemented 0016477 which redirects user to their account page and asks them to change their password after login. If we log the user in as part of installation, then clicking on the link to go to Mantis, can take them directly to change password page within the core product.

Option 3: In the meantime, if we want a simple least change approach, we can show username / password when administrator default username/password are valid and # of issues in the database is 0. Extra query, but only if admin/root is enabled.

I pretty much like these options in the order they are listed.



2015-12-14 13:02

reporter   ~0052122

Option 1 is the best option - it also doesnt enforce any types of specific design rules on the users.



2015-12-20 22:02

reporter   ~0052150

+1 on any of the options above. I've been using Mantis for many years and every time I do an install I need to Google the default admin username and password. This must be really confusing to new folks.



2015-12-21 13:39

developer   ~0052156

I need to Google the default admin username and password

Or read the manual