On Sun, Jun 01, 2008 at 06:21:57PM +0200, Christian Rose wrote: > On 9/29/07, Olav Vitters <[EMAIL PROTECTED]> wrote: > There seems to be a bunch of "what's my Mango password?" tickets > stalled in RT3. > I'd like to know what I should answer the requestors. Is there a simple > answer? > I tried
Depends if they want to retrieve their password or reset it. Resetting is very annoying. This as a) I don't want people being able to login to the main LDAP server (even if there is a command restriction) b) Even if those logins would be allowed, I wouldn't trust a suid reset command c) Socket cannot change the password anyway as it is not the main LDAP server (could be done if everything uses openldap 2.4+.. RHEL5 has 2.3) d) MAINTAINERS file crappiness Long term, I want people to use GPG instead of passwords. Then the password is only there for some services like e.g. Jabber. I don't know much about LDAP (finally understand it somewhat since the last few days!) If people would need a password reset, they'd login to Mango using GPG, then click the 'new password' button. This would give them a new password. It is stalled due to lack of resources (would appreciate more help with building new infrastructure). Note: The reason I haven't implemented GPG yet is only due to not getting to it (it is difficult). I'm not going to ask for consensus. It will be implemented. I don't mind if people don't want it, it will be their problem if they want to give a new developer an SVN account, etc. Btw, to reset someones password so below command works again, follow the instructions in http://svn.gnome.org/viewvc/sysadmin-bin/trunk/handle-ldap-modules?view=markup Basically, use two gnome-terminal tabs, then in each: ssh -L 1389:localhost:389 label ssh -R 1389:localhost:1389 socket This allows socket to have a connection to the main LDAP server. Then do something *as root* like: /home/admin/bin/handle-ldap-modules reset-passwd $UID1 $UID2 $UID3 The SSH encapsulation ensures security (nobody will be able to read the password by sniffing emails). > ssh -l menthos svn.gnome.org mango > > but it seems I'm not allowed to log into svn.gnome.org. Probably this It is a one time password, as explained in the email everyone received. Often people do find the email if I provide subject and date (which I always have to lookup first). > is also the case for most people trying. Is there currently a way to > retrieve one's password (I'm talking about users here; fortunately I > know my own password). Using the command above. You're are sysadmin, so it won't work for you as you'll get a shell instead. See http://svn.gnome.org/viewvc/sysadmin-bin/trunk/run-svn-or-special-cmd?view=markup for the ugly details. It should probably be added to the email that a maintainer/coordinator gets. Feel free to add such info (it is not the only usability problem with the accounts stuff). Note: I *really* dislike the current setup with MAINTAINERS files. Much rather use some easier parsable format like DOAP. This is why I don't do much with it, plus didn't develop Mango for ~5 months. It will always be a mess and require a sysadmin to sync stuff manually, then committing the 10 fixes in various MAINTAINERS files. > Furthermore, I found no instructions for Mango passwords on > live.gnome.org, not even on http://live.gnome.org/Mango. The only > piece of instructions ever seems to be > http://blogs.gnome.org/ovitters/2007/09/26/sneak-preview-of-mango/ and > http://blogs.gnome.org/ovitters/2007/09/29/mango-gone-live/ and the > above mail, only findable with Google and GMail skills, and containing > instructions that currently do not work... It does work, for one time only. The lack of instructions is on purpose. I can explain this via private email if needed. Note: I might provide some ugly other method using Mango. This would require python-paramiko on the users side. Unfortunately Mango is written in PHP, which makes it difficult to combine (I don't want to start another process). -- Regards, Olav _______________________________________________ Gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
