[LON-CAPA-admin] Server Migration

Guy Albertelli II guy at albertelli.com
Mon Feb 5 14:38:32 EST 2007

Hi Stefan,

> 1) filesystem authentication 
> I remember that Guy wrote someday, that users with filesystem authentication make 
> no sense nowadays.

Authors no longer make sense as Filesystem authenticated.

One could argue that DC still can make sense for the initial DC.

> Furthermore, this new user could not log in. Only because of the successful 
> transfer from the old to new machine, we could login with an old (local 
> authenticated) domain coordinator and change the authentication method to 
> "Internally authenticated". 
> 2) password encryption 
> I was told, that standard encryption method for SLES9 user passwords is "crypt", 
> but for FC5 is "md5".

This would be why 'filesystem authenticated' failed.

You could have also
- logged in as root to the machine and changed the password to the

> We found out, that a transfered domain coordinator with 
> internal authentication could not login. All users with the other combinations of 
> "internally authenticatied"/"local authenticated" and DC/no DC were able to log 
> in. 

'Filesystem authenticated' is authenticated by the underlying OS,
'internally authenticated' is completely handled by lon-capa, 'local
authentication' completely depends on localauth.pm to handle the

> Another DC changed the password for the new DC. After that, the
> login was possible. I am not sure, if the encryption difference is
> the real reason for this.

It was.

> If so, it seems that some info about this should be added to the 
> new-server-website. 

Okily dokily.

guy at albertelli.com   0-7-0-9-27,137

More information about the LON-CAPA-admin mailing list