* Passwords for users in gnatsd.access
@ 2003-05-21 17:58 Erwin, Richard D
2003-05-21 20:49 ` Dirk Schenkewitz
0 siblings, 1 reply; 2+ messages in thread
From: Erwin, Richard D @ 2003-05-21 17:58 UTC (permalink / raw)
To: help-gnats
Folks;
I've figured out how to work the gnatsd.conf vs. gnatsd.access relationship, but I have a question.
Has anybody set up things so that the gnats administrator doesn't know the existing passwords for users within gnatsd.access? Ideally, I'd like to refer to our NFS server's password file, which has jumbled the passwords into something even we system administrator's don't know. The users will want to use the same passwords for their general accounts, and I don't like having the passwords be as is within gnatsd.access and thus available to anyone who can crack the file.
Thanks,
Rich Erwin
Boeing SSG - M&CT Support
(425) 865-3414
_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Passwords for users in gnatsd.access
2003-05-21 17:58 Passwords for users in gnatsd.access Erwin, Richard D
@ 2003-05-21 20:49 ` Dirk Schenkewitz
0 siblings, 0 replies; 2+ messages in thread
From: Dirk Schenkewitz @ 2003-05-21 20:49 UTC (permalink / raw)
To: Erwin, Richard D; +Cc: help-gnats
Mr. Richard,
"Erwin, Richard D" schrieb:
>
> Folks;
>
> I've figured out how to work the gnatsd.conf vs. gnatsd.access relationship, but I have a question.
>
> Has anybody set up things so that the gnats administrator doesn't know the existing passwords for users within gnatsd.access? Ideally, I'd like to refer to our NFS server's password file, which has jumbled the passwords into something even we system administrator's don't know. The users will want to use the same passwords for their general accounts, and I don't like having the passwords be as is within gnatsd.access and thus available to anyone who can crack the file.
I have configured Gnatsweb with full purpose WITHOUT passwords (thus letting everybody in) because I found no way to avoid the password being in clear-text in a cookie on the user's machine. I considered this to be even worse...
I know, that doesn't answer your question, I just want to say, under the given circumstances - try to live without passwords.
regards
dirk
--
Dirk Schenkewitz
InterFace AG fon: +49 (0)89 / 610 49 - 126
Leipziger Str. 16 fax: +49 (0)89 / 610 49 - 83
D-82008 Unterhaching
http://www.interface-ag.de mailto:dirk.schenkewitz@interface-ag.de
_______________________________________________
Help-gnats mailing list
Help-gnats@gnu.org
http://mail.gnu.org/mailman/listinfo/help-gnats
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2003-05-21 20:49 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2003-05-21 17:58 Passwords for users in gnatsd.access Erwin, Richard D
2003-05-21 20:49 ` Dirk Schenkewitz
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).