Ok, I thank you.
On Thu, 28 Jun 2018 16:28:56 +0100
"AJLDuarte" <[email protected]> wrote:

> You can also change that with the respective viewer debug setting
> without editing the xml.
> You also need that to test regions https with similar cert.
>
>
>
> -----Original Message-----
> From: [email protected]
> [mailto:[email protected]] On Behalf Of Sebastián
> Castillo Carrión
> Sent: Thursday, June 28, 2018 15:54
> To: [email protected]
> Cc: Cinder Roxley; Juan Jesus Farfan Leiva
> Subject: Re: [Opensim-dev] Question about https login authentication
>
> Thank you, I have tested Singularity and Alchemy, and both of them work.
>
> Because I am using a self-signed certificate made by me for testing
> purposes, I have made changes in the file settings.xml to avoid verifying
> SSL certificates; otherwise, login would fail raising the error "peer
> certificate cannot be authenticated with given ca certificates":
>
> C:\Program Files\[Singularity or Alchemy]\app_settings\settings.xml
> ______________________________
> ...
> <key>NoVerifySSLCert</key>
> <map>
>   <key>Comment</key>
>   <string>Do not verify SSL certificates. WARNING: Setting this to TRUE allows anyone to impersonate the server and intercept your data (man in the middle attack).</string>
>   <key>Persist</key>
>   <integer>1</integer>
>   <key>Type</key>
>   <string>Boolean</string>
>   <key>Value</key>
>   <integer>1</integer>   <=== Changed from value 0 to value 1
> </map>
> ...
> ______________________________
>
> After making this modification, it seems that login authentication is
> successful.
>
>
>
> On Fri, 22 Jun 2018 08:26:29 -0400
> Cinder Roxley <[email protected]> wrote:
>
> > Have you tried logging in with a client besides Firestorm? Singularity or
> > Alchemy, for example. The hop:// URI scheme Firestorm relies on does not
> > support TLS connections.
> >
> > As far as sending the password as plaintext, you would need to modify the
> > viewer as it sends the password as an MD5 hash.
> >
> > Negotiating the password hashing mechanism between viewer and login
> > service would be an interesting project to work on if anyone is
> > interested in working on it with me. Storing passwords as MD5 is woefully
> > insecure in this day and age. (Is using MD5 for sensitive data even PCI
> > compliant?)
> >
> > On June 22, 2018 at 6:48:47 AM, Sebastián Castillo Carrión
> > ([email protected]) wrote:
> >
> > Hello everyone!
> >
> > I'm Sebastian, and I work at the University of Malaga (Spain), and among
> > other things I develop code for opensim.
> >
> > At the University we use a single user account to give access to all the
> > University services via ldap, so we need to integrate ldap in the
> > authentication process of opensim.
> >
> > The ldap authentication more or less we know how to do it, but we need to
> > establish a secure https connection between the client and the server for
> > the login process, instead of http, since ldap calls require passing the
> > password without applying md5.
> >
> > I have seen that there is a multitude of options ssl and https in the
> > configuration of opensim, but I get the impression that they are not
> > designed for the login process, only for "out of band" applications: I
> > have tried these options without success in the login; I think the reason
> > is not an incorrect configuration, because when I load in a web browser
> > https://ip:8003 (https_main = true) or https://ip:9080
> > (https_listener = true), the browser asks me to accept the certificate.
> > However, I can not log in from the firestorm client, it is as if the
> > server did not exist, seems the client request get lost.
> >
> > I have run the server in debug mode from visual studio to see what code is
> > running in those cases.
> > Executing the server in debug mode from Visual Studio, I see that the
> > listener server on port 8003 is created correctly, and pass the
> > certificate, password and ssl mode as parameter, and in case of defining
> > another listening port using the https_listener options = true,
> > http_port = ..., the service is also created correctly; however, the
> > logins from firestorm seem to not reach opensim, since I have defined
> > breakpoints of the code that would be activated when the server receives
> > a call, and doing tests I see that they are only activated when the calls
> > are made from a web browser, but not from the firestorm client.
> >
> > Another attempt I have made is to modify the code so that the listening
> > service is created on port 8002 with https (in the original code no matter
> > what settings are assigned to https variables in configuration files,
> > seems listener service in port 8002 is always http); as in the previous
> > case, the https request to port 8002 does arrive when it is done from a
> > web browser, but not from the firestorm client.
> >
> > My impressions are that https is supported only for communications of
> > internal services of the server, and additional listener ports for "out of
> > the bands" applications, but not for the login authentication, where only
> > http is supported.
> >
> > Do you know if it is necessary to modify the Opensim code to add login
> > support by https?
> >
> > Do you know if it is necessary to modify the firestorm code to add login
> > support by https?

_______________________________________________
Opensim-dev mailing list
[email protected]
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-dev
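
The NoVerifySSLCert change quoted in this thread switches off certificate validation in the viewer, as the setting's own comment warns. The following Python audit is an added example, not part of the original thread and not viewer or OpenSimulator code: it parses a settings file and reports whether that flag is enabled. The enclosing `<llsd><map>` envelope, the second setting and the sample document are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the fragment quoted in the thread, wrapped in the
# <llsd><map> envelope assumed here for a complete settings file.
SAMPLE = """<llsd><map>
  <key>NoVerifySSLCert</key>
  <map>
    <key>Comment</key><string>Do not verify SSL certificates.</string>
    <key>Persist</key><integer>1</integer>
    <key>Type</key><string>Boolean</string>
    <key>Value</key><integer>1</integer>
  </map>
  <key>SomeOtherSetting</key>
  <map>
    <key>Type</key><string>Boolean</string>
    <key>Value</key><integer>0</integer>
  </map>
</map></llsd>"""


def llsd_map(elem):
    """Turn a <map> of alternating <key>/value children into a dict."""
    out, name = {}, None
    for child in elem:
        if child.tag == "key":
            name = (child.text or "").strip()
        elif name is not None:
            is_map = child.tag == "map"
            out[name] = llsd_map(child) if is_map else (child.text or "").strip()
            name = None
    return out


def tls_verification_disabled(xml_text, setting="NoVerifySSLCert"):
    """Return True if the setting is present and its Value is enabled."""
    root = ET.fromstring(xml_text)
    top = root if root.tag == "map" else root.find("map")
    if top is None:
        raise ValueError("no top-level <map> found")
    entry = llsd_map(top).get(setting)
    if not isinstance(entry, dict):
        return False  # key absent from this file, so nothing was overridden
    return entry.get("Value", "0").lower() in ("1", "true")


if __name__ == "__main__":
    if tls_verification_disabled(SAMPLE):
        print("FINDING: NoVerifySSLCert is enabled; certificate checks are off")
```

Running this against a viewer's settings.xml after a test session confirms whether the flag was set back to 0.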
