Master password

GeoServer uses a master password used to safely store security certificates. This password can optionally be used to login as the root user.

Recommendations:

• When upgrading you may receive a warning to change the master password from a historical default.

• When integrating with an external security system such as a LDAP it is recommended to enable root user login using the master password.

• When setting up GeoServer for the first time removing the generated masterpw.info file is recommended to avoid security issues.

Remove master password has not been changed from the default warning

1. When upgrading an early GEOSERVER_DATA_DIRECTORY setup you will be asked replace the default master password.

   The master password for this server has not been changed from the default. It is highly recommended that you change it now.

   Click Change it link to open the Change Master Password page.

   

   Change master password warning

2. Change the master password using:

   Current password	geoserver
   New Password	New password definition. Master password policy requires at least eight characters.
   Confirmation	Retype your new password

   

   Change master password

3. Press Change Password to set the new master password.

Remove masterpw.info warning

When the GEOSERVER_DATA_DIR/security folder is created a masterpw.info is created for your referemce.

To remove the masterpw.info file:

1. The Welcome page displays the following warning to administrators:

   Please read the file security/masterpw.info and remove it afterwards. This file is a security risk.

   

   masterpw.info warning

2. Navigate to Tools page, and open Resource browser.

   

   Tools page

3. Select security/master.pw.info and Edit to view the contents of the file.

   Make a note of this password for your records.

   The contents are generated when the security folder is created, so your password will be different from the one shown below.

   

   Edit master.pw.info file

4. Select security/master.pw.info and Delete to remove the file and address the warning on the welcome screen.

   

   Delete master.pw.info file

Recover master password

The master password can be written out to the filesystem:

1. Navigate to Security > Passwords page.

2. Click Master password forgotten link to open the Dump master password page.

   

   Password page

3. Use the Dump master password page to define a file location to export the master password:

   Filename:	/usr/local/geoserver-live/data/master.txt

   

   Location to export master password

4. Press Dump to file to write the file out.

   

   Master passport export

5. Use the Tools > Resource browser to select the master.txt created above:

   • Use Edit to review the contents of the file and make a note of the master password.

   • Use Delete to remove this file when finished

   

   Review and delete exported file

Change master password

To change the master password, follow these steps:

1. Navigate to Security > Passwords page.

2. Click the Change password link.

   

   Password page

3. Change the master password using:

   Current password	Current master password recorded from master.pw.info or recovered to an exported file.
   New Password	New password definition. Master password policy requires at least eight characters.
   Confirmation	Retype your new password

   

   Change master password

4. Press Change Password to set the new master password.

Enable root user login

To enable root user login:

1. Navigate to Security > Passwords page.

2. Locate the Master Password Providers table and select default from the list.

   

   Master password providers

3. Update the settings:

   Allow “root” user to login as Admin	Selected

   

   Master password settings

4. Press Save

5. Press Logout button at the top of the screen, and use your paster password to login as root.

   User name	root
   Password	Current master password recorded from master.pw.info or recovered to an exported file.

   

   Login as root user