[Xerte] Cannot Log In as Admin

Jeremy Hopkins Jeremy.Hopkins at bcu.ac.uk
Fri May 22 12:44:51 BST 2009


I'm not sure, I think there weaknesses in the algorithm as well... 

 

________________________________

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Patrick
Lockley
Sent: 22 May 2009 12:34
To: Xerte discussion list
Subject: RE: [Xerte] Cannot Log In as Admin

 

I was thinking I'd Md5 it, then rot_13 it as well. Just for fun.

 

I'm guessing those MD5 hacks are brute force dictionary attacks?

 

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Jeremy
Hopkins
Sent: 22 May 2009 12:32
To: Xerte discussion list
Subject: RE: [Xerte] Cannot Log In as Admin

 

Hello Julian,

 

Surely you are not advocating that passwords are left in plain text?

For the miniscule amount of effort required to enable it, I think MD5 is
better on than off. 

 

Jeremy

 

________________________________

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Julian Tenney
Sent: 22 May 2009 11:46
To: Xerte discussion list
Subject: RE: [Xerte] Cannot Log In as Admin

 

Here's a password hashed in the one way uncrackable MD5 algorithm:

 

e6078b9b1aac915d11b9fd59791030bf

 

Now, go and paste that into google and see how long it takes you to work
out the actual password...

 

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Patrick
Lockley
Sent: Friday, May 22, 2009 11:41 AM
To: Xerte discussion list
Subject: RE: [Xerte] Cannot Log In as Admin

 

Hello,

 

Yes management.php, it is LDAP free.

 

If you go to your sitedetails table, you can set the admin_username and
admin_password. Assuming these are set, and it sounds like they are -
does it just say they aren't correct. Mine works fine - I think
Johnathan's works as well - pretty sure Ron's works too.

 

Re MD5 - yep, over sight on my part - reasoning - we had a lot of people
with 0.5 and 0.8 installs where there was no admin role. When we moved
to 0.9 and 1.0 originally we modded the logindetails table to allow for
a user role flag, but this would mean everyone with an install modding
their tables. Which seemed a hassle. So I put the admin username into
the sitedetails table at the last minute instead, and left it.

 

You're welcome to MD5 it yourself though - you'd just need to put an un
md5 command into config.php. 

 

I'll put it in the list for the next version.

 

Pat

 

From: xerte-bounces at lists.nottingham.ac.uk
[mailto:xerte-bounces at lists.nottingham.ac.uk] On Behalf Of Jeremy
Hopkins
Sent: 22 May 2009 11:32
To: xerte at lists.nottingham.ac.uk
Subject: [Xerte] Cannot Log In as Admin

 

Hello All,

 

I have installed the full version Xerte on a linux virtual server. All
seemed to go according to plan until I came to log in.

 

I cannot log in using the administrators username and password. I have
re-installed / checked fields in database etc and it still will not
allow me in.

 

I have not got LDAP running yet, but am assuming that LDAP is not
required for the admin account, and that admin is completely independent
of the normal routines with the credential residing in the sitedetails
table? (would it not be better to MD5 the password in site details?)

 

Has anyone else experienced this problem?

 

Thanks, Jeremy

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.nottingham.ac.uk/pipermail/xerte/attachments/20090522/9fcc72a3/attachment.html


More information about the Xerte mailing list