help-gnats

RE: Patch: Fix user authentication + MKDB


From: Pankaj K Garg
Subject: RE: Patch: Fix user authentication + MKDB
Date: Wed, 25 Sep 2002 08:56:07 -0700

> >  1) MKDB: creates all parent directories in case they did
> >    not exist.
> I'm not sure I agree. Let mkdb do what it's supposed to do: create
> the database, and let the gnats administrator do what he is supposed
> to do: establish the prerequisites for invoking mkdb.

I used this to fix the problem of the 'com' directory not being there
for the creation of the default database. Another fix would be to create
the <prefix>/com directory as part of the 'make install'...I can do that
if people prefer that. This seemed like a more general fix, as why do
things in two steps when you can do it in one?

> >  3) PASSWORD CHECKING: The password checking in the current CVS
> >    directory is broken. It was not working as someone else also
> >    recently noted on this list. The problems were: (a) it was using
> >    the opposite logic of match(), (b) it did not default to plain
> >    text passwords, (c) an empty database list was confusing it, and
> >    (d) there was no fall-through.
> 
> I agree with (a) and (c), but not with (b); (d) should be considered.
> 
> As for (b), the password checking behaves as described in version 4 of the
> gnats manual (Keeping Track), see section C.4. Yngve Svendsen put a lot
> of work into this and I believe it behaves as intended. There is no
> "default". You get the kind of password checking you ask for:
> 
>    plain text for passwords with a $0$ prefix,
>    MD5 format for passwords with a $1$ prefix, and
>    DES format for passwords without a prefix.
> 
> Your example below will be interpreted as having traditional Unix
> DES-crypted passwords and will effectively be no-login entries.

OK, sorry I did not take a look at the manual:-) I was tripped off
by the default line '#*:*:view' in the 'gnatsd.user_access' file and
thought that the default behavior was for plain-text passwords. So, this
requires fixing in my patch. I'll redo it such that it defaults to DES
instead of plain-text.

Regards

Pankaj
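
The prefix rules quoted in the message above, as an added example that is not part of the original e-mail or of the GNATS sources: a small audit of `gnatsd.user_access`-style lines that reports which scheme each entry selects and flags entries that would be read as DES but cannot be a DES crypt string. The `userid:password:access-level` field layout, the function names and the sample entries are assumptions constructed for illustration.

```python
import re

# Constructed sample; the userid:password:access-level layout is an assumption
# based on the '#*:*:view' line mentioned in the message.
SAMPLE = """\
#*:*:view
alice:$0$s3cret:edit
bob:$1$abcdefgh$0123456789abcdefghijkl:admin
carol:ab01FAX.bQRSU:edit
dave:s3cret:view
"""

# Traditional DES crypt output: 2-character salt + 11-character hash.
DES_HASH = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(password):
    """Return (scheme, note) following the prefix rules quoted in the thread."""
    if password in ("", "*"):
        return "none", "empty or wildcard password field"
    if password.startswith("$0$"):
        return "plain", "stored in clear text"
    if password.startswith("$1$"):
        return "md5", ""
    if DES_HASH.match(password):
        return "des", ""
    # No prefix means DES; a value of any other shape can never match.
    return "des", "not a 13-character DES crypt string; effectively no-login"


def audit(text):
    """Return (line number, userid, scheme, note) for each active entry."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out entries
        fields = line.split(":")
        if len(fields) < 3:
            findings.append((lineno, "?", "malformed", "expected 3+ fields"))
            continue
        scheme, note = classify(fields[1])
        findings.append((lineno, fields[0], scheme, note))
    return findings


if __name__ == "__main__":
    for lineno, user, scheme, note in audit(SAMPLE):
        print(f"line {lineno}: {user:<6} {scheme:<6} {note}")
```

The shape check is a heuristic: an unprefixed plain-text password that happens to be 13 characters from the crypt alphabet is indistinguishable from a DES hash and will not be flagged.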




