This is an experience report from a user.
I stood up a new Archiva instance about 90 days ago. As per default security configuration, user passwords began to expire recently.
It seems that even the guest account has expired . As a result, guest access is now 403 Forbidden.
Since the guest account is for anonymous access, and has no password, this account probably should be exempt from password expiration. Is this a bug?
I can reset the guest password successfully, restoring access for this account. However, I cannot reset to the empty password using the web interface. The edit user form complains of the password field, "This field is required." Is this also a bug?