Announcement

Collapse
No announcement yet.

Abyss passwords mass change

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Abyss passwords mass change

    I use cgi to handle passwords using Abyss, but would use the Abyss password protection if mass passwords could be changed without having to go through the console to modify each entry. Has anyone already written a program to do this? Looks like a bulk XML file change, but the passwords are encrypted which will add complication. I really prefer the way other servers handle the password file as a separate file.
    How long is an idea?

  • #2
    Originally posted by Mike Doty View Post
    Looks like a bulk XML file change, but the passwords are encrypted which will add complication.
    The string of hex digits you see in the configuration file is obtained starting from a "user:password" string, base64 encoding, then geting the MD5 hash.
    In php:
    PHP Code:
    echo md5(base64_encode("user:password")); 
    Bye!
    -- The universe tends toward maximum irony. Don't push it.

    File Extension Seeker - Metasearch engine for file extensions / file types
    Online TrID file identifier | TrIDLib - Identify thousands of file formats

    Comment


    • #3
      Mike,

      I have discussed the whole user account thing with Aprelium in great detail. I have a number of sites that have 200+ user accounts which is simply not practical to maintain via the Abyss web panel.

      They were VERY good at giving me the info I needed to manipulate the XML files, but the passwords continued to be a problem. They they wrote an executable for me that allowed me to pass a string and get a properly encrypted password back.

      So, I would suggest contacting them and seeing what they can offer you as a stop-gap to the next release. I don't have any idea when it will be, but one of the major improvements in version 3.0 is a rewritten user database and site configuration method. My guess is that they'd have 3.0 ready this year, but I'm not "in the know" about that one.
      Software makes Hardware Happen

      Comment


      • #4
        Originally posted by Joe Byrne View Post
        They were VERY good at giving me the info I needed to manipulate the XML files, but the passwords continued to be a problem. They they wrote an executable for me that allowed me to pass a string and get a properly encrypted password back.
        ?
        It's actually very straight forward, like I posted above.

        Let's say you have a user "joebyrne" with password "christian".

        You start from a string like: "joebyrne:christian"
        Then base64-encode it and get: "am9lYnlybmU6Y2hyaXN0aWFu"
        Then get its MD5 hash: "b71b4d19bd39709cace269d39e81c169"

        That's the string that endup in the .conf file.
        Parsing the XML file and replacing the passwords is a quick job.
        Even simpler, the XML parsing step can be safely bypassed tout court.

        Bye!
        Last edited by Marco Pontello; 18 May 2008, 01:26 PM.
        -- The universe tends toward maximum irony. Don't push it.

        File Extension Seeker - Metasearch engine for file extensions / file types
        Online TrID file identifier | TrIDLib - Identify thousands of file formats

        Comment


        • #5
          Parsing the XML file and replacing the passwords is a quick job.
          Yup, it sure it. I pass my info to the app Aprilum provided, I get a working password back.
          Software makes Hardware Happen

          Comment


          • #6
            Yes, I saw your posts on Aprelium's forum.
            Don't know what kind of problems you encountered, but I tried the firsts implementations of a Base64 encoding and MD5 digest I found here in the forum and/or on PBCrypto and got the right hashes.

            So, Mike, going back to your message, I think you'll not have any problems doing a mass passwords change, if you ever need it.

            Bye!
            -- The universe tends toward maximum irony. Don't push it.

            File Extension Seeker - Metasearch engine for file extensions / file types
            Online TrID file identifier | TrIDLib - Identify thousands of file formats

            Comment

            Working...
            X