[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Passwords for users in gnatsd.access
From: |
Dirk Schenkewitz |
Subject: |
Re: Passwords for users in gnatsd.access |
Date: |
Wed, 21 May 2003 22:17:57 +0200 |
Mr. Richard,
"Erwin, Richard D" schrieb:
>
> Folks;
>
> I've figured out how to work the gnatsd.conf vs. gnatsd.access relationship,
> but I have a question.
>
> Has anybody set up things so that the gnats administrator doesn't know the
> existing passwords for users within gnatsd.access? Ideally, I'd like to
> refer to our NFS server's password file, which has jumbled the passwords into
> something even we system administrator's don't know. The users will want to
> use the same passwords for their general accounts, and I don't like having
> the passwords be as is within gnatsd.access and thus available to anyone who
> can crack the file.
I have configured Gnatsweb with full purpose WITHOUT passwords (thus letting
everybody in) because I found no way to avoid the password being in clear-text
in a cookie on the user's machine. I considered this to be even worse...
I know, that doesn't answer your question, I just want to say, under the given
circumstances - try to live without passwords.
regards
dirk
--
Dirk Schenkewitz
InterFace AG fon: +49 (0)89 / 610 49 - 126
Leipziger Str. 16 fax: +49 (0)89 / 610 49 - 83
D-82008 Unterhaching
http://www.interface-ag.de mailto:address@hidden