[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] remoteuser password

To: minivend-users@minivend.com
Subject: Re: [mv] remoteuser password
From: Mike Heins <mikeh@minivend.com>
Date: Wed, 17 May 2000 04:02:08 -0400
In-Reply-To: <Pine.BSF.4.21.0005161815460.2077-100000@Rigel.orionsys.com>
References: <4.3.0.20000516165603.00ac7860@mail> <Pine.BSF.4.21.0005161815460.2077-100000@Rigel.orionsys.com>
Reply-To: minivend-users@minivend.com
Sender: owner-minivend-users@minivend.com

******    message to minivend-users from Mike Heins <mikeh@minivend.com>     ******

Quoting David Babler (dbabler@rigel.orionsys.com):
> 
> OKay, I've been over and over this, searched the archives and got even
> more confused, especially since most of the relevant archive hits were for
> MiniVend 3.xx.
> 
> I'm running FreeBSD 4.0, Apache-1.3.6/mod_ssl/2.2.8 and MiniVend 4 (the
> latest version on the website). I have all of the required and suggested
> Perl modules installed and pgp 2.6.2 is installed and operational with
> keys generated for the minivend user. I can get the basic and simple
> example cases working... mostly.
> 
> Problems:
> 
> 1. The documentation mentions the remote user password as being "encrypted
> or unencrypted" and even shows a "blank" encrypted password, however,
> makecat never encrypts this field in the catalog.cfg file, leaving it
> plaintext. Additionally, it is really unclear what the difference is
> between the superuser defined for the catalog in the catalog.cfg file as
> compared to the superuser(s) defined in the minimate db file.

Makecat gives you the option to either run encrypted or not encrypted.
If you have the recommended module set installed, you can hit the <UP>
key at the password prompt and it will set an encrypted version of "pass"
in the file.

> 
> 2. Enabling "encrypted passwords" in the 'simple' example results in the
> "superuser" for that catalog not being able to ever gain access because
> the password does not ever match - entered exactly as it exists in the
> catalog.cfg file. Setting the UserDB crypt state back to '0' allows the
> superuser to log in except that, of course, the remote user is NOT in the
> userdb at all, so this correspondance seems a little odd to me.
> 
> 3. The makecat program, when given the example of 'simple' produces
> either:
> 
> 	UserDB	default	crypt	0
> -or-
> 	UserDB	default crypt	10
> 
> which I assume is wrong.

Your assumption of wrong is wrong. 8-) As long as the crypt parameter
is non-zero, it is true.

> The bottom line is: how do you make remoteuser passwords work with
> encrypted passwords?

They are two separate things. I think are confusing HTTP basic authorization
with Minimate and Minivend's UserDB. They are two separate things.

Minimate in Minivend 4 requires you to log in via the Minivend userdb before
it will work. You can do both if you want, but you must do the latter.

-- 
Internet Robotics, 131 Willow Lane, Floor 2, Oxford, OH  45056
phone +1.513.523.7621 fax 7501 <mikeh@minivend.com>

The U.S. Senate -- white male millionaires working for YOU!  -- Dave Barry
-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

Follow-Ups:
- Re: [mv] remoteuser password
  - From: David Babler <dbabler@rigel.orionsys.com>

References:
- Re: [mv] mv_arg?
  - From: Ed LaFrance <newmedia@newmediaems.com>
- [mv] remoteuser password
  - From: David Babler <dbabler@rigel.orionsys.com>

Prev by Date: Re: [mv] Products.asc and .db
Next by Date: Re: [mv] remoteuser password
Prev by thread: [mv] remoteuser password
Next by thread: Re: [mv] remoteuser password
Index(es):
- Date
- Thread