Make it possible to login with external authentication for the root user
|Reported by:||Nicklas Nordborg||Owned by:||everyone|
Currently, login attempts to root account will never be passed on to external authentication. This was a safety measure to ensure that it is possible to login and make configuration changes in case there is a problem with the external authentication. However, it is also a weakness since the most powerful account is always only protected by a password. Since external authentication is probably used to increase security this should also apply to the root user.
In order to solve the issue with a non-working external authentication, an administrator should instead log in to the server (eg. via ssh) and then:
- Stop the Tomcat server
- Remove the JAR file responsible for external authentication from the plug-ins directory
- Re-start the Tomcat server