[LON-CAPA-admin] Server Migration
Guy Albertelli II
guy at albertelli.com
Mon Feb 5 14:38:32 EST 2007
Hi Stefan,
> 1) filesystem authentication
> I remember that Guy wrote someday, that users with filesystem authentication make
> no sense nowadays.
Authors no longer make sense as Filesystem authenticated.
One could argue that DC still can make sense for the initial DC.
> Furthermore, this new user could not log in. Only because of the successful
> transfer from the old to new machine, we could login with an old (local
> authenticated) domain coordinator and change the authentication method to
> "Internally authenticated".
>
>
> 2) password encryption
> I was told, that standard encryption method for SLES9 user passwords is "crypt",
> but for FC5 is "md5".
This would be why 'filesystem authenticated' failed.
You could have also
- logged in as root to the machine and changed the password to the
account
> We found out, that a transfered domain coordinator with
> internal authentication could not login. All users with the other combinations of
> "internally authenticatied"/"local authenticated" and DC/no DC were able to log
> in.
'Filesystem authenticated' is authenticated by the underlying OS,
'internally authenticated' is completely handled by lon-capa, 'local
authentication' completely depends on localauth.pm to handle the
authentication.
> Another DC changed the password for the new DC. After that, the
> login was possible. I am not sure, if the encryption difference is
> the real reason for this.
It was.
> If so, it seems that some info about this should be added to the
> new-server-website.
Okily dokily.
--
guy at albertelli.com 0-7-0-9-27,137
More information about the LON-CAPA-admin
mailing list