Canonical Juju

Change juju gui password to 'admin' causes --show-credentials to show blank password

Bug #1631772 reported by Mark W Wenning on 2016-10-09

This bug report is a duplicate of: Bug #1659591: non-admin users don't get a password and juju gui --show-credentials doesn't work. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Canonical Juju	Triaged	High	Unassigned

Bug Description

To duplicate:
1. Install juju 2.0 rc2
2. Change 'admin' password to 'admin' instead of the randomly generated UID
3. Bootstrap juju
4. Run 'juju gui --show credentials'
5. Credentials will show up as login = admin@local, password=

i.e. blank password. admin/admin will still work on the juju gui screen, but the cli command will not list any password.

Revision history for this message

Francesco Banconi (frankban) wrote on 2016-10-10:

This also affects "juju show-controller --show-password": the password is no longer included in the output after changing the initial one.

Anastasia (anastasia-macmood) on 2016-10-11

Changed in juju:
status:	New → Triaged
importance:	Undecided → High
milestone:	none → 2.0.1

Curtis Hovey (sinzui) on 2016-11-01

Changed in juju:
milestone:	2.0.1 → none

Revision history for this message

Anastasia (anastasia-macmood) wrote on 2019-06-24:

I'll look into this but it's possible that the password will not be available once changed since we are keeping it in an encrypted form and the way security works, I imagine, is that we cannot decrypt it.

Either way, since this report was filed, the output of juju GUI after a password change, shows:

```
$ juju gui --show-credentials
GUI 2.14.0 for model "admin/default" is enabled at:
  https://[redacted]/gui/u/admin/default
Your login credential is:
  username: admin
  password: <unknown> (password has been changed by the user)

```

But the 'show-controller --show-password' is still omitted when password is changed for the 'admin' user.

Changed in juju:
assignee:	nobody → Anastasia (anastasia-macmood)
status:	Triaged → In Progress

Revision history for this message

Anastasia (anastasia-macmood) wrote on 2019-06-24:

So prior to using macaroons, we used to store passwords on client's disk. With macaroons, we have explicitly opted not to store the password but store macaroon instead. This means that all commands that relied on this information being stored on disk, stopped working.

Anastasia (anastasia-macmood) on 2019-06-24

Changed in juju:
status:	In Progress → Triaged
assignee:	Anastasia (anastasia-macmood) → nobody

Revision history for this message

Anastasia (anastasia-macmood) wrote on 2019-06-27:

Actually this is a duplicate of another bug where is a better discussion around 'why we should [i.e. should not] expose/store plain text password?'

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1659591 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.