Perfect!  Thanks heaps, Josh.  I'll just wrap some pretty php around this and 
we'll be in business.

Terry

On 30 Aug 2011, at 1159h, Josh Thompson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Terry,
> 
> Assuming you have a way to authenticate your helpdesk staff, I'd create a web 
> tool that allows them to enter a userid and password which will then set the 
> password for that userid in VCL.
> 
> To set the password, you'd follow these steps, I'll use USERID and NEWPASS to 
> represent the userid and the string entered as the new password by the 
> helpdesk staff:
> 
> - -get the id from the user table for the user:
>  SELECT id FROM user WHERE unityid = 'USERID' AND affiliationid = 1
>  I'll use 'theuserid' to refer to the returned value
> 
> - -get salt for user from localauth table:
>  SELECT salt FROM localauth WHERE userid = theuserid
>  I'll use 'thesalt' to refer to the returned value
> 
> - -create a hash of the salt and the new password:
>  echo -n 'NEWPASSthesalt' | sha1sum
>  I'll use 'thehash' to refer to the returned value
> 
> - -update the localauth table
>  UPDATE localauth SET passhash = 'thehash', lastupdated = NOW() WHERE userid 
> = theuserid
> 
> Josh  
> 
> On Tuesday August 30, 2011, Terry McGuire wrote:
>> Hey folks.  We're about to go live with our VCL pilot project, and at this
>> stage we're staying with local VCL accounts.  In the future we'll be
>> wiring things into our institutional ldap environment, but we're not there
>> yet and we need to find a way to function with about 50 local users,
>> growing perhaps to 150 in January.  One obvious challenge we see coming is
>> with folks forgetting passwords.
>> 
>> I don't see a facility in the web interface for admin users to reset
>> passwords.  Have I missed it somewhere?  Is there some sort of tool
>> somewhre else?  Assuming not, I'm going to have to build something
>> relatively user-friendly for our helpdesk staff to use.  (The helpdesk
>> won't be doing any overall VCL admin - just password resets and the like.)
>> Can anyone suggest a good approach to doing such a thing?  Please keep in
>> mind that we don't want to get too fancy, as we'll only need to be doing
>> this for maybe a year or so.
>> 
>> Thanks in advance for any and all suggestions.
>> 
>> Regards,
>> Terry McGuire
> - -- 
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
> 
> my GPG/PGP key can be found at pgp.mit.edu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
> 
> iEYEARECAAYFAk5dJOoACgkQV/LQcNdtPQP+QwCdEzfTlTECBRxewg06F+N0ApxU
> U7MAn166GjpoKS747YAb80GkPOkwIw5Q
> =JD2q
> -----END PGP SIGNATURE-----
> 

Reply via email to