[Frugalware-devel] Trac migration: not importing users accounts.
xarkam.ubuntu.fr at gmail.com
Wed Oct 5 11:33:09 CEST 2011
There is no solution.
The tool for recovering passwords still request the old one.
Or send an email, or the time to migrate it is put on a private
address over time to create the large accounts.
2011/10/5 Krisztian VASAS <iron at ironiq.hu>:
> On Wed, 5 Oct 2011 02:30:46 -0600, Marius Cirsta wrote:
>> On Wed, Oct 5, 2011 at 2:24 AM, Miklos Vajna <vmiklos at frugalware.org>
>>> On Wed, Oct 05, 2011 at 10:14:37AM +0200, Xarkam Ubuntu
>>> <xarkam.ubuntu.fr at gmail.com> wrote:
>>>> I decided not to import users.
>>>> This is because of non md5 passwords in database flyspray. (you have a
>>>> mix of md5 passwords and not md5 in database).
>>>> And also, the md5 hash in flyspray are not compatible with apache or
>>>> digest auth
>>> But what about importing users, without passwords? So everybody would
>>> have to reset their pass before the first login.
>>>> The alternative is to send a new password by email, but also in to the
>>>> email addresses of bots.
>>> No need to send such an email automatically - I guess it's possible for
>>> a user to request such an email?
>>>> This choice dont impact the trac ticket user reporter, owner, ect...
>>> I don't really get this one - let's say #1337 is assigned to me and it's
>>> imported in trac. Now I create my new login, since users are "not
>>> imported" - so there will be two "vmiklos" users in the db? That sounds
>>> like a big mess. ;)
>>> The above suggestion would solve this situation.
>> Sounds like a good plan to just import the users and have them choose
>> a new password. We must make sure though that accounts can't be
>> stolen. Let's say I have the mcirsta account , which has certain
>> rights in flyspray. If someone just takes over the mcirsta account in
>> trac I won't be very happy about it.
>> An idea would be to send links to registered flyspray users that will
>> let them choose a new pass ( or the same one ) in trac. Otherwise how
>> do we confirm the trac vmiklos is the same as the flyspray vmiklos and
>> not a fake vmiklos intent o destroying FW ? :).
> I think a good choice can be to transfer the users with the same rights and
> a temporary password for each user. The users should recover the password
> with the built-in password recovery mechanism... With this you can be sure
> that the given user is the same in the new bts (if the email address is
> still valid)...
> System Administrator
> Member of Frugalware Developer Team
> Frugalware-devel mailing list
> Frugalware-devel at frugalware.org
More information about the Frugalware-devel