Get rid of default login credentials
Right now we have to explain to all people installing GitLab that they have to submit root
and password
to login initially.
There are three disadvantages:
- It is a hurdle when installing GitLab
- We have to unlearn the previous credential
root
and5iveL!fe
that can be found all over the internet - Having a default password looks insecure (it is ascetic since you have to change it on login)
Can we hotwire Devise so the first screen you see after installation is to set a new root password? This screen would have two fields, password and confirmation, there is no field for the old password.
This would:
- Make installing GitLab easier
- Prevent the user searching the net and fining old credentials
- Would not look insecure
What needs to happen:
- On new installations drop people in the root password reset screen without needing to login with default credentials
- Preserve the existing option to set a password for the first user through the command line, they than will not have to reset the password on login