public inbox for gnats-devel@sourceware.org
 help / color / mirror / Atom feed
From: Dirk Schenkewitz <Dirk.Schenkewitz@interface-ag.com>
To: "Erwin, Richard D" <richard.d.erwin@boeing.com>
Cc: help-gnats <help-gnats@gnu.org>
Subject: Re: Passwords for users in gnatsd.access
Date: Wed, 21 May 2003 20:49:00 -0000	[thread overview]
Message-ID: <3ECBDEF5.1C326522@interface-ag.com> (raw)
In-Reply-To: <6E6ACC930A9BAB47AB0BBD1ACC0F8B3824C5E7@xch-nw-02.nw.nos.boeing.com>

Mr. Richard,

"Erwin, Richard D" schrieb:
> 
> Folks;
> 
> I've figured out how to work the gnatsd.conf vs. gnatsd.access relationship, but I have a question.
> 
> Has anybody set up things so that the gnats administrator doesn't know the existing passwords for users within gnatsd.access?  Ideally, I'd like to refer to our NFS server's password file, which has jumbled the passwords into something even we system administrator's don't know.  The users will want to use the same passwords for their general accounts, and I don't like having the passwords be as is within gnatsd.access and thus available to anyone who can crack the file.

I have configured Gnatsweb with full purpose WITHOUT passwords (thus letting everybody in) because I found no way to avoid the password being in clear-text in a cookie on the user's machine. I considered this to be even worse...
I know, that doesn't answer your question, I just want to say, under the given circumstances - try to live without passwords.

regards
	dirk
-- 
Dirk Schenkewitz 

InterFace AG                 fon: +49 (0)89 / 610 49 - 126
Leipziger Str. 16            fax: +49 (0)89 / 610 49 - 83
D-82008 Unterhaching         
http://www.interface-ag.de   mailto:dirk.schenkewitz@interface-ag.de


_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats

      reply	other threads:[~2003-05-21 20:49 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2003-05-21 17:58 Erwin, Richard D
2003-05-21 20:49 ` Dirk Schenkewitz [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3ECBDEF5.1C326522@interface-ag.com \
    --to=dirk.schenkewitz@interface-ag.com \
    --cc=help-gnats@gnu.org \
    --cc=richard.d.erwin@boeing.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).