Re: Test-Case 004 failed for WLUS 1.2-25
* Knut Yrvin (firstname.lastname@example.org) [040421 20:28]:
> onsdag 21. april 2004, 20:17, skrev Petter Reinholdtsen:
> > They just happen to be the same after installation. It is not given
> > that they will stay the same (and probably the should not), so you
> > should consider them two different passwords.
> And thats my point. In a usability-perspective, you have to handle this with
> two password, and use the WLUS-password every time something is deleted or
> added to the ldif-database. It's not usability to remove the need for
the feature request for this was born in the real world, in every
day use, by real people. the test cases are very good and
usability testing is great, but i think real life is even better.
If we have precious (!) experience with something, why throw it
> > The only reason they are the same is to avoid having to ask for two
> > admin passwords during installation.
> That is also discussed and explained (and so one) three weeks ago. The
> reason why I suggested point 2, was to show the usability-answer to what
> Schuldei is programing:
please call me Andras, when refering to me. this sounds awkward
> > 2. Remove the password-feeld entirely. It's not neccesary, and
> > the Webmin and LDAP-password is the same.
> It's a third (3) way to handle this. Schuldei could make the feeld "Admin
> passord" with stars, when the password is cached. Then he shows that the
> system has taken care of the WLUS-password. When it's not stars there, the
> user-admin can type the WLUS-password again ...
> This will remove the problem with usability, and show the users that the
> password is already in place :-)
that is a good idea. i had it too and disregarded it because then
i would need to re-transmit that password in the html-code of the
page. it might get cached in the browser cache and could be
extracted somehow, by evil people. so i opted against this for
security reasons. we can do it anyway, of cause.
if i would just transmit stars or some other junk, it would seem
to webmin and wlus that this junk was entered as a password. i
cant help that, that is how http and html works. if someone knows
a good workaround i would like to hear that. if a wrong password
is typed wlus uses that one instead of the cached value.