[Archivesspace_Users_Group] More admins, more problems

Custer, Mark mark.custer at yale.edu
Tue Feb 9 15:39:59 EST 2016


All,

I wanted to send out a friendly reminder about admin accounts in ArchivesSpace (and this is coming strictly from an ArchivesSpace user's perspective).

As most are aware, when you install ArchivesSpace without any configuration changes, you wind up with a single admin account in ArchivesSpace that has a username equal to "admin" and a password set to be the same.  You'll want to change this password to something else long before you go into production mode.  For the most part, I think that people take care of this on or around day one, but if you can log into your ASpace application using that username and password, you'll want to update that password to something else that's a lot more secure!

Less well known is what happens when you use the migration tool to populate your ArchivesSpace database (I sent an email about this to the listserv way back on May 8, 2015, but I don't know if what I'm about to describe is documented anywhere else yet).  If you've migrated to ArchivesSpace using the Archivists' Toolkit migration tool (and I'm pretty sure this happens with the Archon tool, as well), then another admin user will be added to your database.  This admin user will have a username that's equal to "asadmin".  I'm not actually sure why the migration tool creates another user (or if the current versions still do this), especially since you have to supply admin credentials to the migration tool to run against the ASpace API, but I know that this happened during our migration process - and I've seen this phantom admin user account in other ArchivesSpace installations, as well.  When we discovered this new user, we deleted it from our database immediately after our final migration process.

So, I'd like to ask everyone out there to check and see if they can login to their own ArchivesSpace with an "asadmin" account, whether you're in production or not (the password is easy to guess, since it's the same as the default admin user's password).  If you can log in that way, I'd suggest deleting that user immediately!

Mark




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20160209/0acafa8f/attachment.html>


More information about the Archivesspace_Users_Group mailing list