Introduction / FirstSpirit ServerManager / Server properties / App passwords / Fixing a faulty configuration
Fixing a faulty configuration
The default app password should never be disabled until you are sure that the new authentication parameters have been fully configured and the new authentication process actually works. The server log indicates whether the authentication process was successful:
… App Password 'App Password 2' login from address '127.0.0.1' granted
In rare cases, a faulty configuration may prevent access to the FirstSpirit start page or FirstSpirit ServerManager. In such an event, access can be restored by using the following parameters in the fs-server.conf file:
enableDefaultAppPassword=true: If true is passed here, the default password is enabled for all internal connections to the FirstSpirit server. This allows you to log in via the FirstSpirit start page or FirstSpirit ServerManager if the default password has been accidentally disabled or if the app password has been configured incorrectly.
appPasswordIpWhitelist=localhost: This parameter enables communication to take place with the FirstSpirit server in the case of the IP addresses or host names specified here. If, for instance, an incorrect IP address restriction has been configured for the default password (via “Allowed IP addresses”), this parameter can be used to extend the list, e.g. to enable the localhost to access the FirstSpirit start page or FirstSpirit ServerManager.
Both parameters enable access to the FirstSpirit server in the event of a faulty configuration so that the erroneous settings can be corrected. Following successful authentication with an app password, they should be reset to their default setting (no default access). Leaving the parameters permanently set will bypass the app password security concept!
Excerpt from fs-server.conf:
#######################
# Application passwords
#######################
# Empty means: enable/disable default password via ServerManager GUI
# enableDefaultAppPassword=true
enableDefaultAppPassword=
# Comma separated list of hosts or addresses, which are always allowed to use
# application passwords. Application passwords without IP limitations
# are not affected by this list. If a IP limitation is present for a password, the
# list of allowed hosts or addresses is automatically extended by this list.
appPasswordIpWhitelist=localhost,localhost.localdomain