[mv] remoteuser password



******    message to minivend-users from David Babler <dbabler@Rigel.orionsys.com>     ******


Okay, I've been over and over this, searched the archives and got even
more confused, especially since most of the relevant archive hits were for
MiniVend 3.xx.

I'm running FreeBSD 4.0, Apache-1.3.6/mod_ssl/2.2.8 and MiniVend 4 (the
latest version on the website). I have all of the required and suggested
Perl modules installed and pgp 2.6.2 is installed and operational with
keys generated for the minivend user. I can get the basic and simple
example cases working... mostly.

Problems:

1. The documentation mentions the remote user password as being "encrypted
or unencrypted" and even shows a "blank" encrypted password, however,
makecat never encrypts this field in the catalog.cfg file, leaving it
plaintext. Additionally, it is really unclear what the difference is
between the superuser defined for the catalog in the catalog.cfg file as
compared to the superuser(s) defined in the minimate db file.

2. Enabling "encrypted passwords" in the 'simple' example results in the
"superuser" for that catalog not being able to ever gain access because
the password does not ever match - entered exactly as it exists in the
catalog.cfg file. Setting the UserDB crypt state back to '0' allows the
superuser to log in except that, of course, the remote user is NOT in the
userdb at all, so this correspondence seems a little odd to me.

3. The makecat program, when given the example of 'simple' produces
either:

	UserDB	default	crypt	0
-or-
	UserDB	default crypt	10

which I assume is wrong. In trying to fix #2 above, I've been setting this
value to '1' and it seems to work for the userdb password fields - running
strings on the userdb.db file gives me no cleartext passwords whereas
before they were fully visible.

3. The crypt_program variable remains 'none' regardless of the presence
or absence of the pgp program on a from-scratch installation. Manually
editing the minivend program to set the proper path for pgp on a FreeBSD
system (/usr/local/bin/pgp, not /usr/bin/pgp) does let it set the program
variable correctly. It would be useful if it either looks for pgp and
enables this automatically or at least mentions that you have to tweak the
minivend source.

Another oddity is that makecat expects to find the minivend program at
/usr/local/minivend/bin/minivend whereas it is actually installed at
/usr/minivend/bin/minivend. Putting in a link in the /usr/local/minivend
lets it work.

4. Adding the LocationMatch statement to Apache and setting a password for
the administration page produces a proper browser password dialog and
entry of the Apache password gives access to the config menu, but each
time I try to perform any operation, MiniVend asks for a username/password
(which of course never works).

5. Accessing www.domain.com/cgi-bin/simple/config/menu works but
www.domain.com/cgi-bin/simple/admin/menu always responds that there is no
such page. Without encrypted passwords, clicking on the 'frames' link in
the admin menu works okay, however.


The bottom line is: how do you make remoteuser passwords work with
encrypted passwords?

Thanks.

-Dave



-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

