Hi, stupid question. Has anyone tried the latest CVS and noticed anything unusual? The intranet module seems to have stopped working; the home page is giving me a member login screen. I don't know if it's me, or it's the Koha in CVS. Anyone can confirm this? -- Ambrose Li <a.c.li@ieee.org> http://ada.dhs.org/~acli/cmcc/ http://www.cccgt.org/ DRM is theft - We are the stakeholders
Ambrose Li a écrit:
Hi,
stupid question. Has anyone tried the latest CVS and noticed anything unusual? The intranet module seems to have stopped working; the home page is giving me a member login screen.
I don't know if it's me, or it's the Koha in CVS. Anyone can confirm this?
not a stupid question ! but i can't answer until monday/thuesday, because i'm in Dombes Abbey for my 1st koha install :-) -- Paul POULAIN Consultant indépendant en logiciels libres responsable francophone de koha (SIBGB libre http://fr.koha.org)
In article <3DEF08D6.40107@free.fr> you write:
Ambrose Li a écrit:
Hi,
stupid question. Has anyone tried the latest CVS and noticed anything unusual? The intranet module seems to have stopped working; the home page is giving me a member login screen.
I don't know if it's me, or it's the Koha in CVS. Anyone can confirm this?
not a stupid question ! but i can't answer until monday/thuesday, because i'm in Dombes Abbey for my 1st koha install :-)
I think I can reproduce this... in 1.2.3RC23. I have filed Bug 147 in bugs.koha.org. Does anyone know the structure of the users table (i.e., how are user names stored in the usercode field? how is the password stored? what is the meaning of the "level" field? and what is the relation between the "usercode" field and access to the intranet module)?
Sorry. I have marked Bug 147 invalid. The librarian can log in with the kohaadmin username and password (in both 1.2.3RC23 and CVS); and this is explained in the 1.2.3RC23 installer (though I did miss it not just once but several times; re-installing became so mechanical for me). But I guess I then have 2 questions: 1. In 1.2.2, the "kohaadmin" username and password are used strictly as a database username and password; the librarian username and password are separate. Is the change an indeed what is intended? 2. This leaves the installers of both versions asking for unused information (the librarian username and password). I guess that questions has to be taken out. Sorry for the invalid report. -- Ambrose Li <a.c.li@ieee.org> http://ada.dhs.org/~acli/cmcc/ http://www.cccgt.org/ DRM is theft - We are the stakeholders
On Sun, 8 Dec 2002 acli@ada.dhs.org wrote:
Sorry. I have marked Bug 147 invalid. The librarian can log in with the kohaadmin username and password (in both 1.2.3RC23 and CVS); and this is explained in the 1.2.3RC23 installer (though I did miss it not just once but several times; re-installing became so mechanical for me).
But I guess I then have 2 questions:
1. In 1.2.2, the "kohaadmin" username and password are used strictly as a database username and password; the librarian username and password are separate. Is the change an indeed what is intended?
In 1.2.2 the only way to authenticate was with basic authentication, and this had to be set up and maintained outside of Koha (ie by using htpasswd). Since 1.2.3, Koha has an internal authentication module, and it was intentionally decided that the username/password in /etc/koha.conf would be a superuser account.
2. This leaves the installers of both versions asking for unused information (the librarian username and password). I guess that questions has to be taken out.
I thought it only asked that question if you asked it to use basic authentication instead of Koha's internal authentication? I'll have to check that. Steve.
I'm not going to answer every question you posed, but Auth.pm should always allow the user/password that is stored in /etc/koha.conf to authenticate with full privileges (including the ability to create new accounts and set passwords through the members module). Steve. On Sun, 8 Dec 2002 acli@ada.dhs.org wrote:
In article <3DEF08D6.40107@free.fr> you write:
Ambrose Li a �crit:
Hi,
stupid question. Has anyone tried the latest CVS and noticed anything unusual? The intranet module seems to have stopped working; the home page is giving me a member login screen.
I don't know if it's me, or it's the Koha in CVS. Anyone can confirm this?
not a stupid question ! but i can't answer until monday/thuesday, because i'm in Dombes Abbey for my 1st koha install :-)
I think I can reproduce this... in 1.2.3RC23. I have filed Bug 147 in bugs.koha.org.
From a cursory glance of Auth.pm and Security.pm, it seems that user names are stored in uppercase and passwords are MD5-hashed, but I can't seem to be able create a valid user to log on to the
Does anyone know the structure of the users table (i.e., how are user names stored in the usercode field? how is the password stored? what is the meaning of the "level" field? and what is the relation between the "usercode" field and access to the intranet module)? librarian interface. Thanks very much!
-- Ambrose Li <a.c.li@ieee.org> http://ada.dhs.org/~acli/cmcc/ http://www.cccgt.org/
DRM is theft - We are the stakeholders
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Koha-devel mailing list Koha-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/koha-devel
Lets see if I can help out with how Auth.pm works: 1) the "users" table is actually called borrowers, and has "userid" and "password" fields. Note that Auth checks userid and then on cardnumber, so you can always login with your cardnumber instead of userid. 2) the kohaadmin login:password is special, it is collected from /etc/koha.conf, which is accessed through C4::Context 3) It is possible to add a userid and password to a borrowers account by going to the page: <intranet-root>/cgi-bin/koha/moremember.pl?bornum=<borrowernumber> The "right" way to get there is to search on a member name and click on the cardnumber link. Then you will need to login with the kohaadmin login:password. On the moremember page there is "Password" link. On the member-password page you can enter a userid and password. 4) userflags. The authentification system is rather incomplete at present. Only some of the pages are currently calling Auth::checkauth. Eventually all the pages should be calling Auth::checkauth. checkauth takes a $flagsrequired hash. This sets which userflags a required for the given borrower to access the page. If the borrower does not have the right userflags set C4::Auth will not allow the user to access the page. The following are possible flags: +------------------+-----------------------------------------------------+ | flag | flagdesc | +------------------+-----------------------------------------------------+ | superlibrarian | Access to all librarian functions | | circulate | Circulate books | | catalogue | Catalogue books | | parameters | Set Koha system paramters | | borrowers | Add or modify borrowers | | permissions | Set user permissions | | reserveforothers | Reserve books for patrons | | borrow | Borrow books | | reserveforself | Reserve books for self | | editcatalogue | Edit Catalogue (Modify bibliographic/holdings data) | | updatecharges | Update borrower charges | +------------------+-----------------------------------------------------+ you can also set the flags for a borrower by clicking on the "Modify User Flags" link from the moremember page. 4a) There is a default setting on the userflags table. It is possible to set every borrower to "borrow" forexample using this part of the table. 5) the password is stored in the database and encripted using md5 encryption. Im not sure exactly how it works exactly, but you can have a look yourself :-) I hope this small explanation helps, Finlay
From a cursory glance of Auth.pm and Security.pm, it seems that user names are stored in uppercase and passwords are MD5-hashed, but I can't seem to be able create a valid user to log on to the
Does anyone know the structure of the users table (i.e., how are user names stored in the usercode field? how is the password stored? what is the meaning of the "level" field? and what is the relation between the "usercode" field and access to the intranet module)? librarian interface. Thanks very much!
participants (5)
-
acli@ada.dhs.org -
Ambrose Li -
Finlay Thompson -
paul POULAIN -
Tonnesen Steve