Re: Test-Case 004 failed for WLUS 1.2-25

To: Knut Yrvin <knuty@skolelinux.no>
Cc: linuxiskolen@skolelinux.no, Petter Reinholdtsen <pere@hungry.com>, debian-edu@lists.debian.org
Subject: Re: Test-Case 004 failed for WLUS 1.2-25
From: Andreas Schuldei <andreas@schuldei.org>
Date: Wed, 21 Apr 2004 20:45:09 +0200
Message-id: <[🔎] 20040421184509.GD11657@lukas.schuldei.com>
In-reply-to: <[🔎] 200404212028.45089.knuty@skolelinux.no>
References: <[🔎] 200404211921.13779.knuty@skolelinux.no> <[🔎] 200404212011.29099.knuty@skolelinux.no> <[🔎] 20040421181738.GD426@saruman.uio.no> <[🔎] 200404212028.45089.knuty@skolelinux.no>

* Knut Yrvin (knuty@skolelinux.no) [040421 20:28]:
> onsdag 21. april 2004, 20:17, skrev Petter Reinholdtsen:
> > They just happen to be the same after installation.  It is not given
> > that they will stay the same (and probably the should not), so you
> > should consider them two different passwords.
> 
> And thats my point. In a usability-perspective, you have to handle this with 
> two password, and use the WLUS-password every time something is deleted or 
> added to the ldif-database. It's not usability to remove the need for 
> password. 

the feature request for this was born in the real world, in every
day use, by real people. the test cases are very good and
usability testing is great, but i think real life is even better.
(c:

If we have precious (!) experience with something, why throw it
over board?

> > The only reason they are the same is to avoid having to ask for two
> > admin passwords during installation.
> 
> That is also discussed and explained (and so one) three weeks ago. The 
> reason why I suggested point 2, was to show the usability-answer to what 
> Schuldei is programing: 

please call me Andras, when refering to me. this sounds awkward
to me.

> > 2. Remove the password-feeld entirely. It's not neccesary, and 
> >   the Webmin and LDAP-password is the same. 
> 
> It's a third (3) way to handle this. Schuldei could make the feeld "Admin 
> passord" with stars, when the password is cached. Then he shows that the 
> system has taken care of the WLUS-password. When it's not stars there, the 
> user-admin can type the WLUS-password again ...
> 
> This will remove the problem with usability, and show the users that the 
> password is already in place :-)

that is a good idea. i had it too and disregarded it because then
i would need to re-transmit that password in the html-code of the
page. it might get cached in the browser cache and could be
extracted somehow, by evil people. so i opted against this for
security reasons. we can do it anyway, of cause.

if i would just transmit stars or some other junk, it would seem
to webmin and wlus that this junk was entered as a password. i
cant help that, that is how http and html works. if someone knows
a good workaround i would like to hear that. if a wrong password
is typed wlus uses that one instead of the cached value.

/andreas

Reply to:

Follow-Ups:
- Re: Test-Case 004 failed for WLUS 1.2-25
  - From: Knut Yrvin <knuty@skolelinux.no>
- Re: Test-Case 004 failed for WLUS 1.2-25
  - From: Gjermund Skogstad <gjermund@skolelinux.no>

References:
- Test-Case 005 has one error with admin password handling
  - From: Knut Yrvin <knuty@skolelinux.no>
- Re: Test-Case 004 failed for WLUS 1.2-25
  - From: Knut Yrvin <knuty@skolelinux.no>
- Re: Test-Case 004 failed for WLUS 1.2-25
  - From: Petter Reinholdtsen <pere@hungry.com>
- Re: Test-Case 004 failed for WLUS 1.2-25
  - From: Knut Yrvin <knuty@skolelinux.no>

Prev by Date: Re: Test-Case 004 failed for WLUS 1.2-25
Next by Date: Re: Test-Case 004 failed for WLUS 1.2-25
Previous by thread: Re: Test-Case 004 failed for WLUS 1.2-25
Next by thread: Re: Test-Case 004 failed for WLUS 1.2-25
Index(es):
- Date
- Thread