From: Dirk Schenkewitz <Dirk.Schenkewitz@interface-ag.com>
To: "Erwin, Richard D" <richard.d.erwin@boeing.com>
Cc: help-gnats <help-gnats@gnu.org>
Subject: Re: Passwords for users in gnatsd.access
Date: Wed, 21 May 2003 20:49:00 -0000 [thread overview]
Message-ID: <3ECBDEF5.1C326522@interface-ag.com> (raw)
In-Reply-To: <6E6ACC930A9BAB47AB0BBD1ACC0F8B3824C5E7@xch-nw-02.nw.nos.boeing.com>
Mr. Richard,
"Erwin, Richard D" schrieb:
>
> Folks;
>
> I've figured out how to work the gnatsd.conf vs. gnatsd.access relationship, but I have a question.
>
> Has anybody set up things so that the gnats administrator doesn't know the existing passwords for users within gnatsd.access? Ideally, I'd like to refer to our NFS server's password file, which has jumbled the passwords into something even we system administrator's don't know. The users will want to use the same passwords for their general accounts, and I don't like having the passwords be as is within gnatsd.access and thus available to anyone who can crack the file.
I have configured Gnatsweb with full purpose WITHOUT passwords (thus letting everybody in) because I found no way to avoid the password being in clear-text in a cookie on the user's machine. I considered this to be even worse...
I know, that doesn't answer your question, I just want to say, under the given circumstances - try to live without passwords.
regards
dirk
--
Dirk Schenkewitz
InterFace AG fon: +49 (0)89 / 610 49 - 126
Leipziger Str. 16 fax: +49 (0)89 / 610 49 - 83
D-82008 Unterhaching
http://www.interface-ag.de mailto:dirk.schenkewitz@interface-ag.de
_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats
prev parent reply other threads:[~2003-05-21 20:49 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-21 17:58 Erwin, Richard D
2003-05-21 20:49 ` Dirk Schenkewitz [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3ECBDEF5.1C326522@interface-ag.com \
--to=dirk.schenkewitz@interface-ag.com \
--cc=help-gnats@gnu.org \
--cc=richard.d.erwin@boeing.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).