From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: mail.toke.dk; spf=pass (mailfrom) smtp.mailfrom=irif.fr (client-ip=2001:660:3301:8000::1:2; helo=korolev.univ-paris7.fr; envelope-from=jch@irif.fr; receiver=) Received: from korolev.univ-paris7.fr (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]) by mail.toke.dk (Postfix) with ESMTPS id 7FACE7E8FF6 for ; Fri, 19 Feb 2021 13:48:44 +0100 (CET) Received: from potemkin.univ-paris7.fr (potemkin.univ-paris7.fr [IPv6:2001:660:3301:8000::1:1]) by korolev.univ-paris7.fr (8.14.4/8.14.4/relay1/82085) with ESMTP id 11JCmhVq021735 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 19 Feb 2021 13:48:43 +0100 Received: from mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [81.194.30.253]) by potemkin.univ-paris7.fr (8.14.4/8.14.4/relay2/82085) with ESMTP id 11JCmhwd013564; Fri, 19 Feb 2021 13:48:43 +0100 Received: from mailhub.math.univ-paris-diderot.fr (localhost [127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTP id 6339F108A98; Fri, 19 Feb 2021 13:48:06 +0100 (CET) X-Virus-Scanned: amavisd-new at math.univ-paris-diderot.fr Received: from mailhub.math.univ-paris-diderot.fr ([127.0.0.1]) by mailhub.math.univ-paris-diderot.fr (mailhub.math.univ-paris-diderot.fr [127.0.0.1]) (amavisd-new, port 10023) with ESMTP id 62KCTndXTqnu; Fri, 19 Feb 2021 13:47:52 +0100 (CET) Received: from pirx.irif.fr (unknown [78.194.40.74]) (Authenticated sender: jch) by mailhub.math.univ-paris-diderot.fr (Postfix) with ESMTPSA id 9A5F3108A3C; Fri, 19 Feb 2021 13:47:51 +0100 (CET) Date: Fri, 19 Feb 2021 13:47:51 +0100 Message-ID: <87lfbk6x6w.wl-jch@irif.fr> From: Juliusz Chroboczek To: Toke =?ISO-8859-1?Q?H=F8iland-J=F8rgensen?= In-Reply-To: <8735xsl1mq.fsf@toke.dk> References: <878s7kl6zh.fsf@toke.dk> <8735xsl1mq.fsf@toke.dk> User-Agent: Wanderlust/2.15.9 (Almost Unreal) Emacs/27.1 Mule/6.0 MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue") Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (korolev.univ-paris7.fr [IPv6:2001:660:3301:8000::1:2]); Fri, 19 Feb 2021 13:48:43 +0100 (CET) X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (potemkin.univ-paris7.fr [194.254.61.141]); Fri, 19 Feb 2021 13:48:43 +0100 (CET) X-Miltered: at korolev with ID 602FB3AB.00E by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-Miltered: at potemkin with ID 602FB3AB.008 by Joe's j-chkmail (http : // j-chkmail dot ensmp dot fr)! X-j-chkmail-Enveloppe: 602FB3AB.00E from potemkin.univ-paris7.fr/potemkin.univ-paris7.fr/null/potemkin.univ-paris7.fr/ X-j-chkmail-Enveloppe: 602FB3AB.008 from mailhub.math.univ-paris-diderot.fr/mailhub.math.univ-paris-diderot.fr/null/mailhub.math.univ-paris-diderot.fr/ X-j-chkmail-Score: MSGID : 602FB3AB.00E on korolev.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Score: MSGID : 602FB3AB.008 on potemkin.univ-paris7.fr : j-chkmail score : . : R=. U=. O=. B=0.000 -> S=0.000 X-j-chkmail-Status: Ham X-j-chkmail-Status: Ham Message-ID-Hash: B4YXBMDRGNKZFGLJIMOBDWTMHCKBXMTR X-Message-ID-Hash: B4YXBMDRGNKZFGLJIMOBDWTMHCKBXMTR X-MailFrom: jch@irif.fr X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: Michael =?ISO-8859-1?Q?Str=F6der?= , galene@lists.galene.org X-Mailman-Version: 3.3.2 Precedence: list Subject: [Galene] Re: Is the passwd file still needed? List-Id: =?utf-8?q?Gal=C3=A8ne_videoconferencing_server_discussion_list?= Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: >>> With the new hashed-password syntax in group files, user credentials are >>> stored in the JSON for each group. But there's still a mention of a >>> passwd file in the README, but marked as 'optional' - is this still >>> needed? >> AFAICS it's simply used to protect the /stats page (with HTTP basic auth= c). Right. >>> And is there a way to specify hashed passwords in that file? This file's syntax is going to change, but I'm not quite sure how. Right now, we're duplicating the same entry for a given user in all groups where they have a username; it would be good to be able to say 1. user "toke", has default password "foo"; 2. user "toke" is Op in group A with his default password; 3. user "toke" is Presenter in group B with his default password; 4. user "toke" is Op in this whole set of groups with his default passwor= d. One possible solution would be to store default passwords in the "passwd" file, and use the default password in "password" is not present (as opposed to being the empty string, which will have the same meaning as actually). This doesn't solve point (4) above. Ideas welcome, even if they're not accompanied with patches. Please recall that Gal=E8ne is meant to be easy to install and have minimal dependencies, so anything that relies on an external daemon (SQL) is out of the question; on the other hand, I'm open to solutions that are extensible to third-party authentication or delegation ("login with github") as long as they remain optional. -- Juliusz