Re: Passwords for users in gnatsd.access

help-gnats

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Passwords for users in gnatsd.access

From:	Dirk Schenkewitz
Subject:	Re: Passwords for users in gnatsd.access
Date:	Wed, 21 May 2003 22:17:57 +0200

Mr. Richard,

"Erwin, Richard D" schrieb:
> 
> Folks;
> 
> I've figured out how to work the gnatsd.conf vs. gnatsd.access relationship, 
> but I have a question.
> 
> Has anybody set up things so that the gnats administrator doesn't know the 
> existing passwords for users within gnatsd.access?  Ideally, I'd like to 
> refer to our NFS server's password file, which has jumbled the passwords into 
> something even we system administrator's don't know.  The users will want to 
> use the same passwords for their general accounts, and I don't like having 
> the passwords be as is within gnatsd.access and thus available to anyone who 
> can crack the file.

I have configured Gnatsweb with full purpose WITHOUT passwords (thus letting 
everybody in) because I found no way to avoid the password being in clear-text 
in a cookie on the user's machine. I considered this to be even worse...
I know, that doesn't answer your question, I just want to say, under the given 
circumstances - try to live without passwords.

regards
        dirk
-- 
Dirk Schenkewitz 

InterFace AG                 fon: +49 (0)89 / 610 49 - 126
Leipziger Str. 16            fax: +49 (0)89 / 610 49 - 83
D-82008 Unterhaching         
http://www.interface-ag.de   mailto:address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

Passwords for users in gnatsd.access, Erwin, Richard D, 2003/05/21
- Re: Passwords for users in gnatsd.access, Dirk Schenkewitz <=

Prev by Date: Passwords for users in gnatsd.access
Next by Date: the pending category
Previous by thread: Passwords for users in gnatsd.access
Next by thread: the pending category
Index(es):
- Date
- Thread