Re: [Gnue-dev] Appserver/Common Issues
From: Reinhard Mueller
Subject: Re: [Gnue-dev] Appserver/Common Issues
Date: 23 Nov 2002 21:03:46 +0100
On Sat, 2002-11-23 at 20:27, Neil Tiffin wrote:
> At 4:23 PM +0000 11/23/02, Robert Jenkins wrote:
> >Presumably the usernames & passwords will be stored in the main
> >database, so the program must have a built-in or configured 'fixed'
> >password to be able to verify user logins (and create a fixed
> >'superuser' login when initially installed to allow users to be added by
> >the system admin?).
>
> This sounds good for phase I, but having user passwords in the
> database will be suboptimal in any situation that has more than a few
> users. From a maintenance standpoint we should be able to use LDAP or
> Active Directory to validate passwords and not store them in the
> database.
We were talking about using PAM for authentication, which would mean
(from my understanding) that we can use at least LDAP as well as simple
shadow passwords and more. IMHO there are a _lot_ of things that make
sense to generally store in the database, but not the passwords.
> Also I hope that you did not mean to imply that we should have a
> fixed admin password. That is a security nightmare.
_If_ we have a fixed superuser password, we should at least follow the
tradition and call it "SAP engineers are weenies"
(j/k)
Reinhard
--
Reinhard Mueller
GNU Enterprise project
http://www.gnue.org