MXS-1220: Enable admin authentication by default

The admin interface now uses HTTP BA authentication by default. This will
prevent unrestricted access to the REST API but the authentication is by
no means secure and the HTTPS mode for the REST API should be enabled for
all production systems.

Documentation/Getting-Started/Configuration-Guide.md

@@ -542,7 +542,7 @@ The port where the HTTP admin interface listens on. The default value is port
 
 Enable HTTP admin interface authentication using HTTP Basic Access
 authentication. This is not a secure method of authentication but it does add a
-small layer of security. This option is disabled by default.
+small layer of security. This option is enabled by default.
 
 The admin interface authentication uses the same user as MaxAdmin network
 interface. This means that new users can be added with both MaxAdmin and the

server/core/config.cc

@@ -1806,7 +1806,7 @@ global_defaults()
     gateway.auth_write_timeout = DEFAULT_AUTH_WRITE_TIMEOUT;
     gateway.skip_permission_checks = false;
     gateway.admin_port = DEFAULT_ADMIN_HTTP_PORT;
-    gateway.admin_auth = false;
+    gateway.admin_auth = true;
     gateway.admin_enabled = true;
     strcpy(gateway.admin_host, DEFAULT_ADMIN_HOST);
     gateway.admin_ssl_key[0] = '\0';

server/test/maxscale_test.cnf

@@ -6,13 +6,7 @@ datadir=@CMAKE_INSTALL_PREFIX@/
 cachedir=@CMAKE_INSTALL_PREFIX@/
 language=@CMAKE_INSTALL_PREFIX@/lib/maxscale/
 piddir=@CMAKE_INSTALL_PREFIX@/
-
-[feedback]
-feedback_enable=true
-feedback_user_info=user_info
-feedback_url=http://127.0.0.1:8080/load.php
-feedback_timeout=60
-feedback_connect_timeout=60
+admin_auth=false
 
 [MySQL Monitor]
 type=monitor