Forums/Version 1/General Questions
What are your application password constraints?
Charles Heck
asked this on November 09, 2010 00:09
I recently purchased your BC-16480A capture card. After loading the Bluecherry Ubuntu distro, I spent a considerable amount of time navigating and making changes to fit my environment. I added an additional user and reset both the user and Admin passwords to considerable strength (ie 6-8 characters Alpha-Numeric, 1 Upper, 1 Lower, 1 special character). Committed the changes only to find I am no longer able to authenticate?! Rather than dig into the database to drop the privs (see cleartext creds available @ /etc/dvr.conf), I decided to reload.
I then proceeded to set a MUCH simpler password (alpha-numeric), once again committed the changes and found myself in the exact situation as before. What are the application password constraints please?
Comments
Charles,
Once you add a user you need to then edit his access schedule. By default newly added users are not allowed to login or access the system. If you click on 'Edit Access' you will then be able to select the feature(s) they have access to (web login, PTZ control, etc). You also *have* to select the time(s) the user can login. By default the entire time schedule is red (preventing access).
This is alot of work to add users and has been simplified in version 2.
Instead of reloading the system you can open a ticket and see if someone can login and update the access schedule for you.
Thanks
Hi Curtis,
I failed to mention that when I added the user, I modified the permitted access times to 24-7 and gave it setup rights. Once I changed both passwords as mentioned previously, I was completely locked out and had to abandon the installation. Thoughts?
Charles,
I would open a ticket with the login details (we would need port 22 and port 80 open). We'll login and see if the password is updating correctly.
Are you using a specific web browser to make the setup changes or are you using the 'Setup' button inside the application?
Thanks
Curtis,
Thanks for your response. I've used both methods (Setup within the DVR console and browser). I've since reloaded the system as the application was completely inaccessible. Am I to understand then that your application can only be configured with weaker passwords? Do you and your team have plans to leverage an external source of authentication/authorization (ie LDAPS/Kerberos) in your future implementations?
The authentication issue when using stronger passwords in the application is persistent from an out-of-the-box, vanilla installation. Is there any way I might be approved for the v2 Beta I signed up for recently?
Charles,
There are no checks for the complexity of the password, so anything can be used.
LDAP has been mentioned in passing with other customers, but we do not have support for it and it's not currently on the roadmap for version 2. Feel free to add this suggestion with any technical details you would require on http://ideas.bluecherrydvr.com and we'll take a look at it based on the number of votes it receives.
Can you give me an example of the password you are using? I'll see if I can duplicate it here. Also, you should receive an email tomorrow or Thursday with instructions on downloading the beta. It will require a clean installation of 10.04, but being that you've already reloaded once I doubt that will be an issue.
Thanks
Charles,
Upon closer inspection any special character in the password field is ignored, so version 1 only supports alpha numeric characters. I've checked with the developers and this is resolved in version 2.
Thanks
After some testing, I was able to arrive at the same conclusion that the v1 implementation only supports a single numeric combined with alpha characters. I will review your existing v2 feature requests and contribute where necessary. I think the ability to tie into an external authentication service would be a significant selling point for larger enterprises with a need to delegate access to a large user base using an RBAC model.
Thanks!
Since it is a useful feature I went ahead and added it to the roadmap:
http://improve.bluecherrydvr.com/issues/455
Bug resolved:
http://improve.bluecherrydvr.com/issues/454