Hash: SHA1


Assuming you have a way to authenticate your helpdesk staff, I'd create a web 
tool that allows them to enter a userid and password which will then set the 
password for that userid in VCL.

To set the password, you'd follow these steps, I'll use USERID and NEWPASS to 
represent the userid and the string entered as the new password by the 
helpdesk staff:

- -get the id from the user table for the user:
  SELECT id FROM user WHERE unityid = 'USERID' AND affiliationid = 1
  I'll use 'theuserid' to refer to the returned value

- -get salt for user from localauth table:
  SELECT salt FROM localauth WHERE userid = theuserid
  I'll use 'thesalt' to refer to the returned value

- -create a hash of the salt and the new password:
  echo -n 'NEWPASSthesalt' | sha1sum
  I'll use 'thehash' to refer to the returned value

- -update the localauth table
  UPDATE localauth SET passhash = 'thehash', lastupdated = NOW() WHERE userid 
= theuserid


On Tuesday August 30, 2011, Terry McGuire wrote:
> Hey folks.  We're about to go live with our VCL pilot project, and at this
> stage we're staying with local VCL accounts.  In the future we'll be
> wiring things into our institutional ldap environment, but we're not there
> yet and we need to find a way to function with about 50 local users,
> growing perhaps to 150 in January.  One obvious challenge we see coming is
> with folks forgetting passwords.
> I don't see a facility in the web interface for admin users to reset
> passwords.  Have I missed it somewhere?  Is there some sort of tool
> somewhre else?  Assuming not, I'm going to have to build something
> relatively user-friendly for our helpdesk staff to use.  (The helpdesk
> won't be doing any overall VCL admin - just password resets and the like.)
>  Can anyone suggest a good approach to doing such a thing?  Please keep in
> mind that we don't want to get too fancy, as we'll only need to be doing
> this for maybe a year or so.
> Thanks in advance for any and all suggestions.
> Regards,
> Terry McGuire
- -- 
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu
Version: GnuPG v2.0.17 (GNU/Linux)


Reply via email to