[BlueOnyx:16969] Re: BlueOnyx 5209R BETA released

Michael Stauber mstauber at blueonyx.it
Thu Feb 5 20:23:04 -05 2015


Hi Ernie,

> I noticed that the password strength test is a lot harder in 5209R compared
> to 5207R which I have been running. It takes a long time to come up with a
> password which it accepts, and none of my 5207R passwords are accepted.
> 
> That's a problem for a couple of reasons

You are absolutely correct about this, Ernie. That is why I just
published 68 updates which bring the password checker back to the form
that we all came to love (and hate) on all other BlueOnyx systems. So
after a "yum update" (and a restart of admserv) 5209R will have the same
password check as the other BlueOnyx versions.

Here is how and why the password check in the initial Beta release was
so over the top. I'll explain it for the technically inclined:

The "old" password check was done by the PHP module "crack-0.4", which
uses cracklib. The latest version of crack-0.4 that is available from
PHP.net via PECL is incompatible with PHP-5.4 (or newer). So we couldn't
build that. I tried. But couldn't get it to work.

We did have other PHP modules that also wouldn't compile. Such as the
CCE module that allows PHP scripts to communicate with CCEd. Or the
"i18n" PHP module that handles the localization of the GUI.

So in an effort of a couple of weeks I replaced these three with native
PHP classes. The (new) password checker was done by someone else and the
license under which it was published allowed us to use it. The other
classes I did myself.

Sadly, the new password check was really over the top. So today Chris
Gebhardt also complained about it (and I knew others would as well). So
I went back and gave crack-0.4 another try. I found a patch to it for
PHP-5.4.16 that was done by the Gentoo maintainers in their own CVS
repository and that patch actually works perfectly.

So I published an updated sausalito-i18n module with it and also updated
base-admserv to use crack.so again in its php.ini.

Lastly: The majority of the other patches from today fix issues of
special characters in passwords. In the past you could set passwords
(for MySQL for example) that contain special characters like !$%&' and
so on. This is no longer allowed, as certain programs such as PHP or the
Perl module to communicate with MySQL cannot support these special
characters in passwords. So the MySQL password (and the one for the JSP
server) are limited to type 'alphanum_plus', which means: letters,
numbers, "-", "." and "_". For user accounts you can use pretty much the
entire scope of special characters as before.

Even "@^°{[]}\?~*+#';:.,-_<>|" is now a valid password that won't break
anything. Well ... except your fingers when you need to type it in
manually. :p

> Also I noticed that when editing the vsite template settings page using Firefox and
> clicking save, the screen gets a grey mask with a blue progress bar that
> just sits there, no way out except to refresh the page. The settings are
> being saved ok it's just a graphical glitch of some sort.

That's weird. It works fine in my Firefox, so I don't know what to make
of that.

-- 
With best regards

Michael Stauber


