setting password via env variable MERMEID_admin_password does not persist restart #221
Description
as reported by Dominik Kasper:
If you work with the environment variable
MERMEID_admin_password, then in my opinion the empty admin PW should be overwritten at the first startup (= post-install script is executed) and the new one from the variable should be written to the database (if it is persistent). Further ups and downs, starts or stops should retain the PW as long as the contents of the eXist-data directory are retained.
In my case, however, something else happens: The admin PW is NOT written to the database, but is basically only valid for this “run” (with a persistent database!). In other words: I start up containers with the MERMEID_admin_password variable set. I can then log in to MerMEID, Monex, eXide, etc. with the password. (In the dashboard too, even if it doesn't look like that, but I'm sure you know the problem with that). I then stop the environment or shut it down. When it starts up again, the admin PW is back to default, i.e. empty string.
There are known problems with the
sm:passwdfunction, as already reported. I just wanted to let you know in case you are not aware of this. The solution in practice is simple: the admin PW must be set manually (additionally) via the dashboard's user manager the first time the system is started up. During this short time, nobody can get in because the PW from the environment variable seems to be valid at least for the “session”. Once it has been set manually, it is actually stored in the DB and is retained.
Translated with DeepL.com (free version)