[ic] BUG: default encrypted admin password is not portable

Mike Heins mikeh@minivend.com
Wed, 20 Sep 2000 01:59:54 -0400

Quoting Mark Stosberg (mark@summersault.com):
> Hello, 
>   I recently set up Interchange 4.5.5 for the first time. My OS is
> FreeBSD 3.1 and I'm using Perl 5.005_02.
>   Things went fairly smoothly, but I could not log into the
> administrative interface because of a "password mismatch error". Since I
> was using the correct username and the default 'pass' word, I suspected
> that the failure was because that the encryption of the original text
> varied from the way my system did it. I proceeded to try to encrypt my
> own password the way that Minivend does using my systems native "crypt"
> system. I produced a new encrypted password like this:
> > cd ~mvend/lib
> >  perl -e 'use Vend::Util; print crypt("pass",Vend::Util::random_string(2))."\n";'
> After pasting the result over the old password in access.txt, I was able
> to access the admin area with the username 'pass' as I expected. 
> I recommend that Interchange creates the default encrypted passwords in
> a manner like this as part of the "makecat" process, rather than relying
> on the OS to have a compatible encryption system. 

This has already been done.

Akopia, Inc., 131 Willow Lane, Floor 2, Oxford, OH  45056
phone +1.513.523.8220 fax 7501 <heins@akopia.com>

I have a cop friend who thinks he ought be able to give a new ticket;
"too dumb for conditions".