| View previous topic :: View next topic |
| Author |
Message |
ccs
-
Joined: 02 Apr 2005
Posts: 101
|
 Posted: Thu Apr 14, 2005 6:02 am Post subject: Creating users and passwords |
 |
|
I know its necessary to create all user accounts and maintain passwords via the Abyss console, but is there anyway to batch upload a list of accounts? Each year I need to create about 250 users (based on user submitted information).
I can probably write a program to create the user names and passwords and modify the XML file, but I don't know what encryption algorithm is used for the passwords.
Are there any tools that would help to automate this process?
If I can get a properly encrypted password, it wouldn't be too difficult to create a secured CGI app to allow existing users to change their own passwords. I would be willing to write something like this and make it available to the Abyss community for free. |
|
| Back to top |
  |
 |
TRUSTAbyss
-
Joined: 29 Oct 2003
Posts: 3752
Location: USA, GA
|
| Posted: Thu Apr 14, 2005 6:14 am Post subject: |
|
|
| Abyss Web Server uses md5 encryption for its passwords. LateR! |
|
| Back to top |
 |
|
ccs
-
Joined: 02 Apr 2005
Posts: 101
|
| Posted: Thu Apr 14, 2005 6:17 am Post subject: |
|
|
| Ok, thanks! |
|
| Back to top |
|
|
ccs
-
Joined: 02 Apr 2005
Posts: 101
|
| Posted: Thu Apr 14, 2005 6:41 am Post subject: |
|
|
Is it possible to get the source for how you calculate the MD5 encryption? I have 3 different MD5 implementations which produce the same result on my test string but differ from what I get in the XML file from abyss:
| Code: |
test string: "3236170"
Abyss produces: 19ef14d2128d5be94f34fa5de4e3938a
My calcs produce: 5ae892e48623cec6c90ce14b786d684d
|
|
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Thu Apr 14, 2005 11:49 am Post subject: |
|
|
The password hash is generated from the md5 hash of the base64 encoding of the username *and* password, with a colon separating username/password..
ie - md5(base64("username:password"))
Just checked this against my username/password in my conf file and can confirm that's it...
If you want to check quickly online, you can use
http://www.motobit.com/util/base64-decoder-encoder.asp for the base64 encoding of the username:password and http://bfl.rctek.com/tools/?tool=hasher for md5 hash calculation |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
| Posted: Thu Apr 14, 2005 12:16 pm Post subject: Re: Creating users and passwords |
|
|
ccs,
The password hash algorithm is explained in http://www.aprelium.com/forum/viewtopic.php?t=6301 .
For now, there is no tool to update the configuration programmatically. So you must write a small tool that reads the configuration file (XML) and adds nodes for the new users.
We can help you with the creation of this tool if you want ( support@aprelium.com ).
_________________
Support Team
Aprelium - http://www.aprelium.com |
|
| Back to top |
 |
|
cldickerson
-
Joined: 08 May 2004
Posts: 23
|
| Posted: Thu Apr 14, 2005 2:02 pm Post subject: Encryption |
|
|
You will find a MD5 password encryption program at http://www.NationalCyberServices.com. I don't know if it will be work with Abyss but I use it for a number of my websites on Unix servers and it works great.
Claude |
|
| Back to top |
|
|
ccs
-
Joined: 02 Apr 2005
Posts: 101
|
| Posted: Fri Apr 15, 2005 12:32 am Post subject: |
|
|
| Quote: |
For now, there is no tool to update the configuration programmatically
|
I've written a number of Md5 routines for email services in the past, but none of them are generating the same value as the Abyss one (I'm not using PHP so there might be the reason). I tried using user:password but I still get a different result.
I would think, based on other requests for this idea, that it would be really beneficial if you could create a simple command line utility that would take the user and password as parameters and send the encrypted value back through stdout. Parsing the XML file is easy enough to do but without a workable encrypted password the rest is a mute point.
Thanks! |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Fri Apr 15, 2005 12:38 am Post subject: |
|
|
| ccs wrote: | I tried using user:password but I still get a different result.
|
Sorry to assume you didn't read my post, or Aprelium's link in full, but you are taking the base64 string of user:password and running the md5 hash of that, not just the ascii user:password?
The two links I posted can be used to confirm that md5(base64(user:password)) works correctly... |
|
| Back to top |
|
|
ccs
-
Joined: 02 Apr 2005
Posts: 101
|
| Posted: Fri Apr 15, 2005 12:44 am Post subject: |
|
|
Thanks,
I did read both posts, but these are referring (I believe) to PHP scripts, and I'm not using PHP. I write my own compiled executable CGI apps. I can pick up the PHP engine if I need to, but I am hoping to do it my way instead. Less learning that way :) |
|
| Back to top |
|
|
Anonymoose
-
Joined: 09 Sep 2003
Posts: 2192
|
| Posted: Fri Apr 15, 2005 11:49 am Post subject: |
|
|
| ccs wrote: | Thanks,
I did read both posts, but these are referring (I believe) to PHP scripts, and I'm not using PHP. I write my own compiled executable CGI apps. I can pick up the PHP engine if I need to, but I am hoping to do it my way instead. Less learning that way :) |
Apologies then :) Some people do tend to skip over replies...
Think I've nailed the problem, but needs some checking. The PHP MD5 implementation is slightly different. |
|
| Back to top |
|
|
aprelium
-
Joined: 22 Mar 2002
Posts: 6800
|
|
| Back to top |
|
|
|
