* [Galene] Is the passwd file still needed?
From: Toke Høiland-Jørgensen @ 2021-02-19 9:52 UTC
To: galene

With the new hashed-password syntax in group files, user credentials are
stored in the JSON for each group. But there's still a mention of a
passwd file in the README, but marked as 'optional' - is this still
needed? What's the consequence of not having it? And is there a way to
specify hashed passwords in that file?

-Toke

* [Galene] Re: Is the passwd file still needed?
From: Michael Ströder @ 2021-02-19 10:44 UTC
To: galene

On 2/19/21 10:52 AM, Toke Høiland-Jørgensen wrote:
> With the new hashed-password syntax in group files, user credentials are
> stored in the JSON for each group. But there's still a mention of a
> passwd file in the README, but marked as 'optional' - is this still
> needed? What's the consequence of not having it? And is there a way to
> specify hashed passwords in that file?

AFAICS it's simply used to protect the /stats page (with HTTP basic authc).

Ciao, Michael.

* [Galene] Re: Is the passwd file still needed?
From: Toke Høiland-Jørgensen @ 2021-02-19 11:48 UTC
To: Michael Ströder, galene

Michael Ströder <michael@stroeder.com> writes:

> On 2/19/21 10:52 AM, Toke Høiland-Jørgensen wrote:
>> With the new hashed-password syntax in group files, user credentials are
>> stored in the JSON for each group. But there's still a mention of a
>> passwd file in the README, but marked as 'optional' - is this still
>> needed? What's the consequence of not having it? And is there a way to
>> specify hashed passwords in that file?
>
> AFAICS it's simply used to protect the /stats page (with HTTP basic authc).

Ah, right, gotcha. I thought that just required any user with ops privs,
but I guess I got that behaviour by reusing the same user/password
combination in passwd and the groups config.

OK, so my question about using the hashed syntax remains; but maybe this
is deferred until a more complete system for user management shows up? :)

-Toke

* [Galene] Re: Is the passwd file still needed?
From: Juliusz Chroboczek @ 2021-02-19 12:47 UTC
To: Toke Høiland-Jørgensen; +Cc: Michael Ströder, galene

>>> With the new hashed-password syntax in group files, user credentials are
>>> stored in the JSON for each group. But there's still a mention of a
>>> passwd file in the README, but marked as 'optional' - is this still
>>> needed?

>> AFAICS it's simply used to protect the /stats page (with HTTP basic authc).

Right.

>>> And is there a way to specify hashed passwords in that file?

This file's syntax is going to change, but I'm not quite sure how. Right
now, we're duplicating the same entry for a given user in all groups where
they have a username; it would be good to be able to say

  1. user "toke", has default password "foo";
  2. user "toke" is Op in group A with his default password;
  3. user "toke" is Presenter in group B with his default password;
  4. user "toke" is Op in this whole set of groups with his default password.

One possible solution would be to store default passwords in the "passwd"
file, and use the default password if "password" is not present (as
opposed to being the empty string, which will have the same meaning as
actually). This doesn't solve point (4) above.

Ideas welcome, even if they're not accompanied with patches. Please
recall that Galène is meant to be easy to install and have minimal
dependencies, so anything that relies on an external daemon (SQL) is
out of the question; on the other hand, I'm open to solutions that are
extensible to third-party authentication or delegation ("login with
github") as long as they remain optional.

-- Juliusz

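The fallback proposed in the message above, sketched in Go as an added example (not Galène's code and not part of the original message): an entry whose "password" key is absent takes the user's default from the passwd file, an explicit empty string is passed through as written, and an entry with neither is rejected instead of being treated as empty. The JSON field names, the JSON passwd format and the sample data are assumptions.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// One user object in a group file. The field names, and the option of
// omitting "password", are assumptions made for this sketch.
type userEntry struct {
	Username string          `json:"username"`
	Password json.RawMessage `json:"password"` // stays nil when the key is absent
}

type groupFile struct{ Op, Presenter []userEntry } // JSON keys match case-insensitively

func absent(pw json.RawMessage) bool { return len(pw) == 0 || string(pw) == "null" }

// resolve maps "role:username" to the raw JSON credential to verify against
// and lists the entries left with no credential at all. passwdJSON uses a
// hypothetical format: {"username": <default credential>}.
func resolve(groupJSON, passwdJSON string) (map[string]string, []string, error) {
	var g groupFile
	var defaults map[string]json.RawMessage
	if err := json.Unmarshal([]byte(groupJSON), &g); err != nil {
		return nil, nil, fmt.Errorf("group file: %w", err)
	}
	if err := json.Unmarshal([]byte(passwdJSON), &defaults); err != nil {
		return nil, nil, fmt.Errorf("passwd file: %w", err)
	}
	creds, rejected := map[string]string{}, []string{}
	roles := map[string][]userEntry{"op": g.Op, "presenter": g.Presenter}
	for _, role := range []string{"op", "presenter"} { // fixed order, stable output
		for _, u := range roles[role] {
			key, pw := role+":"+u.Username, u.Password
			if absent(pw) { // key not present: fall back to the default
				pw = defaults[u.Username]
			}
			if absent(pw) { // no default either: fail closed, never degrade to ""
				rejected = append(rejected, key)
				continue
			}
			creds[key] = string(pw) // an explicit "" or hashed object wins as written
		}
	}
	return creds, rejected, nil
}

// Constructed sample input; the object stands in for a hashed-password entry.
const sampleGroup = `{"op": [{"username": "toke"}, {"username": "eve"}],
 "presenter": [{"username": "toke", "password": {"type": "pbkdf2"}}, {"username": "guest", "password": ""}]}`
const samplePasswd = `{"toke": "foo"}`

func main() { fmt.Println(resolve(sampleGroup, samplePasswd)) }
```

Decoding "password" as a plain Go string would erase the absent/empty distinction the proposal depends on, which is why the sketch keeps the raw JSON value.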
* [Galene] Re: Is the passwd file still needed?
From: Toke Høiland-Jørgensen @ 2021-02-19 13:01 UTC
To: Juliusz Chroboczek; +Cc: Michael Ströder, galene

Juliusz Chroboczek <jch@irif.fr> writes:

>>>> With the new hashed-password syntax in group files, user credentials are
>>>> stored in the JSON for each group. But there's still a mention of a
>>>> passwd file in the README, but marked as 'optional' - is this still
>>>> needed?
>
>>> AFAICS it's simply used to protect the /stats page (with HTTP basic authc).
>
> Right.
>
>>>> And is there a way to specify hashed passwords in that file?
>
> This file's syntax is going to change, but I'm not quite sure how. Right
> now, we're duplicating the same entry for a given user in all groups where
> they have a username; it would be good to be able to say
>
> 1. user "toke", has default password "foo";
> 2. user "toke" is Op in group A with his default password;
> 3. user "toke" is Presenter in group B with his default password;
> 4. user "toke" is Op in this whole set of groups with his default password.
>
> One possible solution would be to store default passwords in the "passwd"
> file, and use the default password if "password" is not present (as
> opposed to being the empty string, which will have the same meaning as
> actually). This doesn't solve point (4) above.

Well personally I can live without (4). The obvious answer that comes to
mind to implement it is user groups, though. So (video) groups could
delegate the op priv to a (user) group (of admins, say), and you'd only
need to add a user to that group.

Alternatively, make it up to any third-party administration interface to
provide the group abstraction and just keep the "list of users per
(video) group" that exists now, but move the passwords to a central
file.

> Ideas welcome, even if they're not accompanied with patches. Please
> recall that Galène is meant to be easy to install and have minimal
> dependencies, so anything that relies on an external daemon (SQL) is
> out of the question; on the other hand, I'm open to solutions that are
> extensible to third-party authentication or delegation ("login with
> github") as long as they remain optional.

Well if you abstract out the password checking to a passwd file, it
would be fairly straightforward to add additional callbacks there, no?
I.e., Galene can ask third-party services to authenticate a user ID,
with the passwd file being the default?

This would likely also need a decoupling of user identifiers and display
names, as external services can use arbitrary IDs (but commonly, that's
just emails) that are not necessarily what users want to show up in the
user list...

-Toke

* [Galene] Re: Is the passwd file still needed?
From: Juliusz Chroboczek @ 2021-02-19 13:13 UTC
To: Toke Høiland-Jørgensen; +Cc: Michael Ströder, galene

> Well personally I can live without (4). The obvious answer that comes to
> mind to implement it is user groups, though.

I like the idea. But the term "group" is already taken. "Team"?
"Clique"? "Cabal"? "Club"?

* [Galene] Re: Is the passwd file still needed?
From: Gabriel Kerneis @ 2021-02-19 13:19 UTC
To: galene

On Fri, 19 Feb 2021, at 14:13, Juliusz Chroboczek wrote:
> > Well personally I can live without (4). The obvious answer that comes to
> > mind to implement it is user groups, though.
>
> I like the idea. But the term "group" is already taken. "Team"?
> "Clique"? "Cabal"? "Club"?

If breaking changes are still possible, I'd go with "group" for this
concept, and "room" for the current groups.

Otherwise, be explicit and go with "user_group".

-- Gabriel

* [Galene] Re: Is the passwd file still needed?
From: Toke Høiland-Jørgensen @ 2021-02-19 13:36 UTC
To: Gabriel Kerneis, galene

"Gabriel Kerneis" <gabriel@kerneis.info> writes:

> On Fri, 19 Feb 2021, at 14:13, Juliusz Chroboczek wrote:
>> > Well personally I can live without (4). The obvious answer that comes to
>> > mind to implement it is user groups, though.
>>
>> I like the idea. But the term "group" is already taken. "Team"?
>> "Clique"? "Cabal"? "Club"?
>
> If breaking changes are still possible, I'd go with "group" for this
> concept, and "room" for the current groups.
>
> Otherwise, be explicit and go with "user_group".

+1 (on both points)

-Toke

* [Galene] Re: Is the passwd file still needed?
From: Juliusz Chroboczek @ 2021-02-20 0:52 UTC
To: Gabriel Kerneis; +Cc: galene

> If breaking changes are still possible, I'd go with "group" for this
> concept, and "room" for the current groups.

I tend to dislike real-world metaphors.

> Otherwise, be explicit and go with "user_group".

Only as a last resort. Let's please try some more.

-- Juliusz

* [Galene] Re: Is the passwd file still needed?
From: Rémi Nollet @ 2021-02-20 10:06 UTC
To: galene

I feel permitted to a bit of bike-shedding.

If the user groups you want to create have the same semantics as Unix
groups, and if this is the right semantics to use, I would also go for
naming them “groups” and finding something else for current “groups”. I
feel like it would help the administrators to make correct quick guesses
as to how those user groups work.

If you then need a replacement name for current “groups”, I also happen
to like “room”. For the end-user, they are nothing but a rendezvous
point, a location in which we can meet and talk to and see each other.
But if rooms are not the usual places where we meet people we want to
talk with, maybe we can try something like “bar”, “pub”, “table”? Not
sure what impression it will give to the user though. :-)

Also, I for one like real-life metaphors. They make it easier to remember
names and to build a mental model. At least for me.

-- Rémi

* [Galene] Re: Is the passwd file still needed?
From: Toke Høiland-Jørgensen @ 2021-02-20 11:49 UTC
To: Juliusz Chroboczek, Gabriel Kerneis; +Cc: galene

Juliusz Chroboczek <jch@irif.fr> writes:

>> If breaking changes are still possible, I'd go with "group" for this
>> concept, and "room" for the current groups.
>
> I tend to dislike real-world metaphors.

"Room" does seem to be popular in other services (e.g., matrix.org).
Otherwise there's "channel" (like in IRC) or "conference"?

Or, getting into sillier territory, "convent", "circle", "seance",
"gang", "society"? :P

-Toke

* [Galene] Re: Is the passwd file still needed?
From: Michael Ströder @ 2021-02-20 12:09 UTC
To: galene

On 2/20/21 12:49 PM, Toke Høiland-Jørgensen wrote:
> Juliusz Chroboczek <jch@irif.fr> writes:
>
>>> If breaking changes are still possible, I'd go with "group" for this
>>> concept, and "room" for the current groups.
>>
>> I tend to dislike real-world metaphors.
>
> "Room" does seem to be popular in other services (e.g., matrix.org).

Yes, "room" is pretty widely used and it looks familiar for users.

I hope this is not registered as a trademark or in a patent. But such an
issue can arise with any term you choose.

> Otherwise there's "channel" (like in IRC) or "conference"?

Also good ones. My similar idea would be simply "meeting".

> Or, getting into sillier territory, "convent", "circle", "seance",
> "gang", "society"? :P

Or "dungeon" for role players...

Or an even more stupid suggestion Juliusz will surely not like:
Add a config parameter for choosing an arbitrary term for what's
currently called "group". Yes, let's discuss the default value now... ;-]

Ciao, Michael.

* [Galene] Re: Is the passwd file still needed?
From: Toke Høiland-Jørgensen @ 2021-02-20 12:22 UTC
To: Michael Ströder, galene

Michael Ströder <michael@stroeder.com> writes:

> On 2/20/21 12:49 PM, Toke Høiland-Jørgensen wrote:
>> Juliusz Chroboczek <jch@irif.fr> writes:
>>
>>>> If breaking changes are still possible, I'd go with "group" for this
>>>> concept, and "room" for the current groups.
>>>
>>> I tend to dislike real-world metaphors.
>>
>> "Room" does seem to be popular in other services (e.g., matrix.org).
>
> Yes, "room" is pretty widely used and it looks familiar for users.
>
> I hope this is not registered as a trademark or in a patent. But such an
> issue can arise with any term you choose.
>
>> Otherwise there's "channel" (like in IRC) or "conference"?
>
> Also good ones. My similar idea would be simply "meeting".
>
>> Or, getting into sillier territory, "convent", "circle", "seance",
>> "gang", "society"? :P
>
> Or "dungeon" for role players...

"Tower"? "Cave"? "Igloo"? "Attic"? "Cubicle"? "Dwelling"? "Hobbit hole"?

-Toke

* [Galene] Re: Is the passwd file still needed?
From: Dave Taht @ 2021-02-23 15:11 UTC
To: Juliusz Chroboczek; +Cc: Michael Ströder, galene

gang? Mafia? mutants?

On Fri, Feb 19, 2021 at 5:13 AM Juliusz Chroboczek <jch@irif.fr> wrote:
>
> > Well personally I can live without (4). The obvious answer that comes to
> > mind to implement it is user groups, though.
>
> I like the idea. But the term "group" is already taken. "Team"?
> "Clique"? "Cabal"? "Club"?

--
"For a successful technology, reality must take precedence over public
relations, for Mother Nature cannot be fooled" - Richard Feynman

dave@taht.net <Dave Täht> CTO, TekLibre, LLC Tel: 1-831-435-0729

[parent not found: <YDAEso0xTvoIg+hJ@local>]
* [Galene] Re: Is the passwd file still needed?
From: Toke Høiland-Jørgensen @ 2021-02-20 12:23 UTC
To: HWJ; +Cc: galene

(Adding back the list)

HWJ <hwj+galene@secure.mailbox.org> writes:

>>I.e., Galene can ask third-party services to authenticate a user ID,
>>with the passwd file being the default?
>
> I really like this idea.
>
> Maybe the "third-party service" could just be a shell script, that gets
> the group, username, and password as $1, $2, and $3 respectively.
> Then everybody could implement his own authentication system, e.g. using
> LDAP/AD (which is common in educational institutions).

Yeah, just calling an external program would be one obvious API. Another
(and maybe Galene should do both natively?) would be to call an external
web service.

-Toke

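A Go sketch of the external-program API discussed in the message above, added here as an example (not Galène's code and not part of the thread). It keeps the group and username as the helper's arguments, but assumes the password is written to the helper's stdin so that it does not appear in the process list; the exit-code contract, the timeout and the helper names are assumptions as well.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os/exec"
	"strings"
	"time"
)

// externalAuth runs "helper GROUP USERNAME" with the password on stdin.
// Assumed contract: exit 0 accepts, exit 1 rejects, anything else is an error.
func externalAuth(helper, group, user, password string) (bool, error) {
	for _, arg := range []string{group, user} {
		// A leading "-" could be parsed by the helper as an option.
		if arg == "" || strings.HasPrefix(arg, "-") {
			return false, fmt.Errorf("refusing argument %q", arg)
		}
	}
	// A hung directory lookup must not block logins forever.
	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
	defer cancel()

	cmd := exec.CommandContext(ctx, helper, group, user)
	cmd.Stdin = strings.NewReader(password + "\n") // kept out of argv
	cmd.Env = []string{}                           // helper inherits no server environment

	err := cmd.Run()
	var exitErr *exec.ExitError
	switch {
	case err == nil:
		return true, nil
	case errors.As(err, &exitErr) && exitErr.ExitCode() == 1:
		return false, nil // helper ran and said no
	default:
		// Missing helper, crash, timeout or unknown exit code: fail closed.
		return false, fmt.Errorf("auth helper failed: %w", err)
	}
}

func main() {
	// "true" and "false" stand in for a site-specific helper script.
	for _, helper := range []string{"true", "false", "/nonexistent/helper"} {
		ok, err := externalAuth(helper, "groupA", "toke", "foo")
		fmt.Println(helper, ok, err)
	}
}
```

Separating "rejected" from "helper failed" lets the caller log an outage of the authentication backend differently from a wrong password, while denying access in both cases.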