[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

Re: [mv] remoteuser password

To: minivend-users@minivend.com
Subject: Re: [mv] remoteuser password
From: David Babler <dbabler@rigel.orionsys.com>
Date: Wed, 17 May 2000 17:11:00 -0700 (PDT)
In-Reply-To: <20000517175756.B23785@bill.minivend.com>
Reply-To: minivend-users@minivend.com
Sender: owner-minivend-users@minivend.com

******    message to minivend-users from David Babler <dbabler@Rigel.orionsys.com>     ******

On Wed, 17 May 2000, Mike Heins wrote:

> > ...Some reference somewhere that you can use htpasswd
> > to generate passwords would be handy. In a production environment, having
> > all new catalogs showing up with exactly the same password wouldn't be
> > good. <G>
> 
> That is why the prompt says:
> 
> NOCRYPT
> .

[snip]

Sorry if I'm being dense, but there still seems to be a problem because
this help text isn't presented when building the 'simple' catalog, though
it is in the config/additional_help file. There is no 'NOCRYPT' key in the
config/additional_fields file - the key there is called CRYPTPW, which
says that 1 encrypts and 0 doesn't.

> If you set this to 0, passwords will be encrypted in the user
> database. If you set this to anything other than zero or a blank
> value, passwords will not be encrypted and will be readable in
> the user database. You can build encrypted passwords with
> the htpasswd command, or other means.

If I use something else to hash the passwords, say MD5, how do I specify
that?

But something is still odd here. After creating a new catalog based on
'simple' and directly entering a password string generated by htpasswd for
the superuser, I could finally get superuser access while the UserDB
parameter specified using encryption. After that I logged off the
superuser, I logged back in and created a normal user account and placed a
test order. That too worked okay, but now it is refusing to accept the
original password for the superuser. Looking thru the useredb.db file, I
do not see the original password string for the superuser, though I did
NOT change it! The new user's password *is* encrypted, though. Now what?

Does the 'load configuration' command in minimate reinstall the
remoteuser's original password in the userdb?

-Dave

-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

Follow-Ups:
- Re: [mv] remoteuser password
  - From: David Babler <dbabler@rigel.orionsys.com>
- Re: [mv] remoteuser password
  - From: John Beima <jbeima@palb.com>

References:
- Re: [mv] remoteuser password
  - From: Mike Heins <mikeh@minivend.com>

Prev by Date: Re: [mv] Rebuilding catalog cgi thru web
Next by Date: Re: [mv] remoteuser password
Prev by thread: Re: [mv] remoteuser password
Next by thread: Re: [mv] remoteuser password
Index(es):
- Date
- Thread