[Archivesspace_Users_Group] More admins, more problems

Mang Sun mang.sun at rice.edu
Tue Feb 9 16:42:52 EST 2016


  Just got it fixed. Thank you.

Mang Sun
Rice U.

On 2/9/2016 2:39 PM, Custer, Mark wrote:
>
> All,
>
> I wanted to send out a friendly reminder about admin accounts in 
> ArchivesSpace (and this is coming strictly from an ArchivesSpace 
> user’s perspective).
>
> As most are aware, when you install ArchivesSpace without any 
> configuration changes, you wind up with a single admin account in 
> ArchivesSpace that has a username equal to “*admin*” and a password 
> set to be the same.  You’ll want to change this password to something 
> else long before you go into production mode.  For the most part, I 
> think that people take care of this on or around day one, but if you 
> can log into your ASpace application using that username and password, 
> you’ll want to update that password to something else that’s a lot 
> more secure!
>
> Less well known is what happens when you use the migration tool to 
> populate your ArchivesSpace database (I sent an email about this to 
> the listserv way back on May 8, 2015, but I don’t know if what I’m 
> about to describe is documented anywhere else yet).  If you’ve 
> migrated to ArchivesSpace using the Archivists’ Toolkit migration tool 
> (and I’m pretty sure this happens with the Archon tool, as well), then 
> another admin user will be added to your database.  This admin user 
> will have a username that’s equal to “*asadmin*”.  I’m not actually 
> sure why the migration tool creates another user (or if the current 
> versions still do this), especially since you have to supply admin 
> credentials to the migration tool to run against the ASpace API, but I 
> know that this happened during our migration process – and I’ve seen 
> this phantom admin user account in other ArchivesSpace installations, 
> as well. When we discovered this new user, we deleted it from our 
> database immediately after our final migration process.
>
> So, I’d like to ask everyone out there to check and see if they can 
> login to their own ArchivesSpace with an “*asadmin*” account, whether 
> you’re in production or not (the password is easy to guess, since it’s 
> the same as the default admin user’s password).  If you can log in 
> that way, I’d suggest deleting that user immediately!
>
> Mark
>
>
>
> _______________________________________________
> Archivesspace_Users_Group mailing list
> Archivesspace_Users_Group at lyralists.lyrasis.org
> http://lyralists.lyrasis.org/mailman/listinfo/archivesspace_users_group

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lyralists.lyrasis.org/pipermail/archivesspace_users_group/attachments/20160209/0ec7dc84/attachment.html>


More information about the Archivesspace_Users_Group mailing list