[ic] BUG: default encrypted admin password is not portable
Mike Heins
mikeh@minivend.com
Wed, 20 Sep 2000 01:59:54 -0400
Quoting Mark Stosberg (mark@summersault.com):
>
> Hello,
>
> I recently set up Interchange 4.5.5 for the first time. My OS is
> FreeBSD 3.1 and I'm using Perl 5.005_02.
> Things went fairly smoothly, but I could not log into the
> administrative interface because of a "password mismatch error". Since I
> was using the correct username and the default 'pass' word, I suspected
> that the failure was because that the encryption of the original text
> varied from the way my system did it. I proceeded to try to encrypt my
> own password the way that Minivend does using my systems native "crypt"
> system. I produced a new encrypted password like this:
>
> > cd ~mvend/lib
> > perl -e 'use Vend::Util; print crypt("pass",Vend::Util::random_string(2))."\n";'
>
> After pasting the result over the old password in access.txt, I was able
> to access the admin area with the username 'pass' as I expected.
>
> I recommend that Interchange creates the default encrypted passwords in
> a manner like this as part of the "makecat" process, rather than relying
> on the OS to have a compatible encryption system.
>
This has already been done.
--
Akopia, Inc., 131 Willow Lane, Floor 2, Oxford, OH 45056
phone +1.513.523.8220 fax 7501 <heins@akopia.com>
I have a cop friend who thinks he ought be able to give a new ticket;
"too dumb for conditions".