|
|
| |
"Fix for Master password expose for Pidgin" posted by ~Ray
Posted on 2008-09-28 02:48:13 |
Pidgin is an instant messaging program for Windows. Linux. BSD and other Unixes. You can communicate to your friends using AIM. ICQ. Jabber/XMPP. MSN Messenger. Yahoo!. Bonjour. Gadu-Gadu. IRC. Novell GroupWise Messenger. QQ. Lotus Sametime. SILC. SIMPLE and Zephyr.
Pidgin stores you passwords in plain text in ~/ purple/accounts xml. Someone can easily boot into recovery mode while you are away and find your passwords in plain text.
Download the patch from into the same directory and do the following
When you launch pidgin you will see a new tab in the preferences called "security". You can set a master password there. The link above has screenshots. After configuring you should notice that the accounts xml file now has gibberish where there once were passwords.
To shift pidgin run the following from the directory in which you built pidgin
My GMail account was stolen today and in the course of tracking down how it happened I hit upon Pidgin as one other password that was stolen (the only other one) was my ICQ account which I almost never use. The password for ICQ *only* exists in Accounts. XML so that is certainly how the hacker got my GMail password as well.
I’m rather upset that anyone considers it acceptable to store plaintext passwords. I use a password manager on my system that requires a Master Password to unlock and yet one of my most important passwords is compromised by a bad programming decision. How they got the Accounts. XML file is almost irrelevant (not quite sure but I’ve wiped the system just in inspect the exploit was still around) just that it apparently is a juicy target that IS BEING TARGETTED.
I will never again use Pidgin until this is changed.
I would really like to include that patch in my “Funpidgin” package which aims to furnish users the features they ask for without being preachy or political. Is that ok? I will give you credit for writing it on the site if you tell me what name I should use. Thanks!
Nice catch. I noticed this a few days ago myself and was highly confused that anyone would store passwords in such a way.. I really hope the pidgin development aggroup fixes this in the not too distant future.
XHTML: You can use these tags: <a href="" call=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <label> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Forex Groups - Tips on Trading
Related article:
http://www.ubuntugeek.com/fix-for-master-password-expose-for-pidgin.html
comments | Add comment | Report as Spam
|
"Fix for Master password expose for Pidgin" posted by ~Ray
Posted on 2008-09-28 02:48:13 |
Pidgin is an instant messaging program for Windows. Linux. BSD and other Unixes. You can talk to your friends using AIM. ICQ. mouth/XMPP. MSN Messenger. Yahoo!. Bonjour. Gadu-Gadu. IRC. Novell GroupWise Messenger. QQ. Lotus Sametime. SILC. SIMPLE and Zephyr.
Pidgin stores you passwords in plain text in ~/ purple/accounts xml. Someone can easily boot into recovery mode while you are away and sight your passwords in plain text.
Download the patch from into the same directory and do the following
When you launch pidgin you will see a new tab in the preferences called "security". You can set a master password there. The link above has screenshots. After configuring you should notice that the accounts xml file now has gibberish where there once were passwords.
To remove pidgin run the following from the directory in which you built pidgin
My GMail account was stolen today and in the course of tracking down how it happened I hit upon Pidgin as one other password that was stolen (the only other one) was my ICQ account which I almost never use. The password for ICQ *only* exists in Accounts. XML so that is certainly how the hacker got my GMail password as well.
I’m rather upset that anyone considers it acceptable to store plaintext passwords. I use a password manager on my system that requires a Master Password to unlock and yet one of my most important passwords is compromised by a bad programming decision. How they got the Accounts. XML file is almost irrelevant (not quite sure but I’ve wiped the system just in case the exploit was still around) just that it apparently is a juicy target that IS BEING TARGETTED.
I will never again use Pidgin until this is changed.
I would really desire to include that patch in my “Funpidgin” package which aims to give users the features they ask for without being preachy or political. Is that ok? I will give you credit for writing it on the site if you tell me what name I should use. Thanks!
Nice catch. I noticed this a few days ago myself and was highly confused that anyone would store passwords in such a way.. I really wish the pidgin development team fixes this in the not too distant future.
XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>
Forex Groups - Tips on Trading
Related article:
http://www.ubuntugeek.com/fix-for-master-password-expose-for-pidgin.html
comments | Add comment | Report as Spam
|
"Take a little time to say Hi to Carli" posted by ~Ray
Posted on 2008-09-09 21:15:34 |
password admin bloggers, take a bit of your day to say Hi to Carli Banks. She has a nice new teaser video for you.
~Ray
comments | Add comment | Report as Spam
|
"password admin need more free adult websites to visit" posted by ~Ray
Posted on 2008-08-31 08:40:28 |
password admin visitors may need more sites to be happy.
Here are more adult websites to visit that are free for you...
exclusive video
web cams
strip blog
gay blog
tranny blog
nude pictures
shemale blog
feel free to browse around and maybe you will find something that you like?
comments | Add comment | Report as Spam
|
"Lost Admin Password" posted by ~Ray
Posted on 2008-06-19 07:09:50 |
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl1_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl1_smAuthorName_SimpleMenuDivLayer','
hello,i just migrated from one HD to another and now the admin pwd is invalid can't seem to locate a working fix for this and hope someone has a way to reset this fairly urgent.. thanks so much!
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl2_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl2_smAuthorName_SimpleMenuDivLayer','
just had a thought i have another imail server running the same version would it be possible to export the pwd reg entry from that then import it to the other server?if so where is that entry?thanks again.. desire weekend!
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl3_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl3_smAuthorName_SimpleMenuDivLayer','
Do you have the login for another user? Go into the registry for that user (HKLM\softare\ipswitch\imail\domains\yourdomain\users\youruser) - go to the "flags" field and give that user the value 0x280 (decimal 640). That user will now be a system admin so you can log in to that user and change the the password of your other admin.
Tripp AllenPresident. Messaging ProductsIpswitch. Inc.
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl4_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl4_smAuthorName_SimpleMenuDivLayer','
Tripp,thanks so much for the reply the only other users are send accounts the login in question is at this level:http://localhost/IAdmin/login aspbasically i have (had) two servers one died so i rebuilt it from a back-up of the registry and imail dir but now am locked out of the web admin are you talking about a mail user account? i tried with a user from the main domain and did not succeed i tried with just the username and username@domain com with the user's pwd and this did not let me in any advice?thanks again,jason
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl5_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl5_smAuthorName_SimpleMenuDivLayer','
You cannot post new topics. You cannot post topic replies. You cannot post new polls. You cannot post replies to polls. You cannot edit your own topics. You cannot delete your own topics. You cannot edit other topics. You cannot delete other topics. You cannot edit your own posts. You cannot alter other posts. You cannot delete your own posts. You cannot delete other posts. You cannot affix events. You cannot edit your own events. You cannot edit other events.
You cannot delete your own events. You cannot delete other events. You cannot send private messages. You cannot displace emails. You may read topics. You cannot rate topics. You cannot vote within polls. You cannot transfer attachments. You may download attachments. You cannot post HTML code. You cannot edit HTML code. You cannot post IFCode. You cannot post JavaScript. You cannot post EmotIcons. You cannot post or upload images.
Forex Groups - Tips on Trading
Related article:
http://forums.ipswitch.com/Topic38467-10-1.aspx
comments | Add comment | Report as Spam
|
"Lost Admin Password" posted by ~Ray
Posted on 2008-06-19 07:09:42 |
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl1_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl1_smAuthorName_SimpleMenuDivLayer','
hello,i just migrated from one HD to another and now the admin pwd is invalid can't seem to locate a working fix for this and hope someone has a way to define this fairly urgent.. thanks so much!
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl2_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl2_smAuthorName_SimpleMenuDivLayer','
just had a thought i have another imail server running the same version would it be possible to export the pwd reg entry from that then import it to the other server?if so where is that entry?thanks again.. long weekend!
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl3_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl3_smAuthorName_SimpleMenuDivLayer','
Do you have the login for another user? Go into the registry for that user (HKLM\softare\ipswitch\imail\domains\yourdomain\users\youruser) - go to the "flags" field and give that user the value 0x280 (decimal 640). That user will now be a system admin so you can log in to that user and change the the password of your other admin.
Tripp AllenPresident. Messaging ProductsIpswitch. Inc.
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl4_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl4_smAuthorName_SimpleMenuDivLayer','
Tripp,thanks so much for the reply the only other users are mail accounts the login in question is at this level:http://localhost/IAdmin/login aspbasically i have (had) two servers one died so i rebuilt it from a back-up of the registry and imail dir but now am locked out of the web admin are you talking about a mail user account? i tried with a user from the main domain and did not succeed i tried with just the username and username@domain com with the user's pwd and this did not let me in any advice?thanks again,jason
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl5_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl5_smAuthorName_SimpleMenuDivLayer','
You cannot affix new topics. You cannot post topic replies. You cannot affix new polls. You cannot post replies to polls. You cannot edit your own topics. You cannot delete your own topics. You cannot edit other topics. You cannot delete other topics. You cannot edit your own posts. You cannot edit other posts. You cannot delete your own posts. You cannot delete other posts. You cannot post events. You cannot edit your own events. You cannot alter other events.
You cannot delete your own events. You cannot delete other events. You cannot send private messages. You cannot send emails. You may read topics. You cannot rate topics. You cannot vote within polls. You cannot upload attachments. You may download attachments. You cannot post HTML code. You cannot edit HTML code. You cannot post IFCode. You cannot post JavaScript. You cannot post EmotIcons. You cannot post or upload images.
Forex Groups - Tips on Trading
Related article:
http://forums.ipswitch.com/Topic38467-10-1.aspx
comments | Add comment | Report as Spam
|
"Lost Admin Password" posted by ~Ray
Posted on 2008-06-19 07:09:40 |
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl1_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl1_smAuthorName_SimpleMenuDivLayer','
hello,i just migrated from one HD to another and now the admin pwd is invalid can't seem to locate a working fix for this and wish someone has a way to reset this fairly urgent.. thanks so much!
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl2_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl2_smAuthorName_SimpleMenuDivLayer','
just had a thought i have another imail server running the same version would it be possible to export the pwd reg entry from that then merchandise it to the other server?if so where is that entry?thanks again.. long weekend!
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl3_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl3_smAuthorName_SimpleMenuDivLayer','
Do you have the login for another user? Go into the registry for that user (HKLM\softare\ipswitch\imail\domains\yourdomain\users\youruser) - go to the "flags" field and give that user the value 0x280 (decimal 640). That user will now be a system admin so you can log in to that user and change the the password of your other admin.
Tripp AllenPresident. Messaging ProductsIpswitch. Inc.
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl4_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl4_smAuthorName_SimpleMenuDivLayer','
Tripp,thanks so much for the reply the only other users are mail accounts the login in question is at this level:http://localhost/IAdmin/login aspbasically i have (had) two servers one died so i rebuilt it from a back-up of the registry and imail dir but now am locked out of the web admin are you talking about a mail user be? i tried with a user from the main domain and did not succeed i tried with just the username and username@domain com with the user's pwd and this did not let me in any advice?thanks again,jason
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl5_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl5_smAuthorName_SimpleMenuDivLayer','
You cannot post new topics. You cannot post topic replies. You cannot affix new polls. You cannot post replies to polls. You cannot edit your own topics. You cannot delete your own topics. You cannot edit other topics. You cannot delete other topics. You cannot edit your own posts. You cannot edit other posts. You cannot delete your own posts. You cannot delete other posts. You cannot post events. You cannot edit your own events. You cannot edit other events.
You cannot delete your own events. You cannot delete other events. You cannot send private messages. You cannot send emails. You may read topics. You cannot rate topics. You cannot vote within polls. You cannot upload attachments. You may download attachments. You cannot post HTML code. You cannot edit HTML code. You cannot post IFCode. You cannot post JavaScript. You cannot post EmotIcons. You cannot post or upload images.
Forex Groups - Tips on Trading
Related article:
http://forums.ipswitch.com/Topic38467-10-1.aspx
comments | Add comment | Report as Spam
|
"Lost Admin Password" posted by ~Ray
Posted on 2008-06-19 07:08:40 |
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl1_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl1_smAuthorName_SimpleMenuDivLayer','
hello,i just migrated from one HD to another and now the admin pwd is invalid can't seem to locate a working fix for this and hope someone has a way to reset this fairly urgent.. thanks so much!
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl2_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl2_smAuthorName_SimpleMenuDivLayer','
just had a thought i have another imail server running the same version would it be possible to export the pwd reg entry from that then import it to the other server?if so where is that entry?thanks again.. long weekend!
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl3_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl3_smAuthorName_SimpleMenuDivLayer','
Do you have the login for another user? Go into the registry for that user (HKLM\softare\ipswitch\imail\domains\yourdomain\users\youruser) - go to the "flags" field and give that user the value 0x280 (decimal 640). That user will now be a system admin so you can log in to that user and change the the password of your other admin.
Tripp AllenPresident. Messaging ProductsIpswitch. Inc.
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl4_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl4_smAuthorName_SimpleMenuDivLayer','
Tripp,thanks so much for the reply the only other users are mail accounts the login in question is at this level:http://localhost/IAdmin/login aspbasically i undergo (had) two servers one died so i rebuilt it from a back-up of the registry and imail dir but now am locked out of the web admin are you talking about a mail user account? i tried with a user from the main domain and did not succeed i tried with just the username and username@domain com with the user's pwd and this did not let me in any advice?thanks again,jason
','165px');" onmouseover="InstantASP_OpenMenuMouseOver('_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl5_smAuthorName','_ctl1_ctlTopic_ctlPanelBar_ctlTopicsRepeater__ctl5_smAuthorName_SimpleMenuDivLayer','
You cannot post new topics. You cannot post topic replies. You cannot post new polls. You cannot post replies to polls. You cannot edit your own topics. You cannot remove your own topics. You cannot edit other topics. You cannot delete other topics. You cannot edit your own posts. You cannot edit other posts. You cannot remove your own posts. You cannot delete other posts. You cannot post events. You cannot edit your own events. You cannot alter other events.
You cannot delete your own events. You cannot delete other events. You cannot send private messages. You cannot send emails. You may read topics. You cannot rate topics. You cannot vote within polls. You cannot upload attachments. You may download attachments. You cannot post HTML code. You cannot alter HTML code. You cannot post IFCode. You cannot post JavaScript. You cannot post EmotIcons. You cannot post or upload images.
Forex Groups - Tips on Trading
Related article:
http://forums.ipswitch.com/Topic38467-10-1.aspx
comments | Add comment | Report as Spam
|
"The 100 Year Website discount code - save 10%" posted by ~Ray
Posted on 2008-03-15 23:45:48 |
Exclusive UK offers voucher codes and discounts
Save 10% at the 100 Year Website using discount code AFF670127 before December 31st 2007.
The100yearwebsite com is a great way to interact together your pictures video and audio clips thoughts and text in a virtual time capsule which they will act safe and readable for you for the next 100 years!!!
Choose to let others undergo your capsule from day one password defend it so only friends and family can see it or bury it to be revealed at a future date that you decide - perhaps a special anniversary or any other date during the next century.
They can also personalise and send out the cerificate in a sleek coat branded enclose.
This new site is proving to be a big hit with the rich and famous. Celebrities that have purchased their product consider Max Clifford. Kerry Katonas. Levi Roots and Danielle Lloyd.
to tour The 100 Year Website. Rate this offer:
(2 votes average: 4 out of 5)
Here are some similar offers you may desire:
send (will not be published) (required)
We respect your privacy. You ordain only ever receive emails from UKOffer com
&write; Copyright UK Offer Media Limited 2008. All rights reserved
Forex Groups - Tips on Trading
Related article:
http://www.ukoffer.com/the-100-year-website-discount-code-save-10
comments | Add comment | Report as Spam
|
"The 100 Year Website discount code - save 10%" posted by ~Ray
Posted on 2008-03-15 23:45:48 |
Exclusive UK offers voucher codes and discounts
Save 10% at the 100 Year Website using reject label AFF670127 before December 31st 2007.
The100yearwebsite com is a great way to gather together your pictures video and audio clips thoughts and text in a virtual measure capsule which they will keep safe and readable for you for the next 100 years!!!
Choose to let others experience your capsule from day one password defend it so only friends and family can see it or conceal it to be revealed at a future date that you choose - perhaps a special anniversary or any other date during the next century.
They can also personalise and displace out the cerificate in a polish coat branded capsule.
This new site is proving to be a big hit with the rich and famous. Celebrities that have purchased their product include Max Clifford. Kerry Katonas. Levi Roots and Danielle Lloyd.
to visit The 100 Year Website. Rate this offer:
(2 votes average: 4 out of 5)
Here are some similar offers you may like:
Mail (will not be published) (required)
We respect your privacy. You will only ever acquire emails from UKOffer com
© Copyright UK Offer Media Limited 2008. All rights reserved
Forex Groups - Tips on Trading
Related article:
http://www.ukoffer.com/the-100-year-website-discount-code-save-10
comments | Add comment | Report as Spam
|
"The 100 Year Website discount code - save 10%" posted by ~Ray
Posted on 2008-03-15 23:45:01 |
Exclusive UK offers voucher codes and discounts
deliver 10% at the 100 Year Website using discount code AFF670127 before December 31st 2007.
The100yearwebsite com is a great way to gather together your pictures video and audio clips thoughts and text in a virtual time capsule which they ordain act safe and readable for you for the next 100 years!!!
decide to let others experience your enclose from day one password protect it so only friends and family can see it or conceal it to be revealed at a future go out that you choose - perhaps a special anniversary or any other go out during the next century.
They can also alter and send out the cerificate in a sleek metal branded enclose.
This new site is proving to be a big hit with the rich and famous. Celebrities that have purchased their product include Max Clifford. Kerry Katonas. Levi Roots and Danielle Lloyd.
to tour The 100 Year Website. Rate this offer:
(2 votes average: 4 out of 5)
Here are some similar offers you may like:
Mail (will not be published) (required)
We consider your privacy. You will only ever acquire emails from UKOffer com
© Copyright UK Offer Media Limited 2008. All rights reserved
Forex Groups - Tips on Trading
Related article:
http://www.ukoffer.com/the-100-year-website-discount-code-save-10
comments | Add comment | Report as Spam
|
"The 100 Year Website discount code - save 10%" posted by ~Ray
Posted on 2008-03-15 23:45:01 |
Exclusive UK offers voucher codes and discounts
deliver 10% at the 100 Year Website using discount code AFF670127 before December 31st 2007.
The100yearwebsite com is a great way to gather together your pictures video and audio clips thoughts and text in a virtual measure enclose which they ordain act safe and readable for you for the next 100 years!!!
Choose to let others experience your capsule from day one password defend it so only friends and family can see it or bury it to be revealed at a future go out that you decide - perhaps a special anniversary or any other go out during the next century.
They can also personalise and send out the cerificate in a sleek metal branded capsule.
This new site is proving to be a big hit with the rich and famous. Celebrities that have purchased their product include Max Clifford. Kerry Katonas. Levi Roots and Danielle Lloyd.
to tour The 100 Year Website. Rate this furnish:
(2 votes average: 4 out of 5)
Here are some similar offers you may like:
send (will not be published) (required)
We respect your privacy. You will only ever receive emails from UKOffer com
© Copyright UK Offer Media Limited 2008. All rights reserved
Forex Groups - Tips on Trading
Related article:
http://www.ukoffer.com/the-100-year-website-discount-code-save-10
comments | Add comment | Report as Spam
|
"vdb:multiuser - old revision restored" posted by ~Ray
Posted on 2008-01-01 22:47:47 |
When multiuser mode is enabled a new menu item ''Login'' appears. Use your username and password to login. You must have cookies enabled or it won't work! When you check the ''be logged in'' checkbox the cookie will not discontinue after the current browser session.
Forex Groups - Tips on Trading
Related article:
http://wiki.splitbrain.org/vdb:multiuser?rev=1194273089&do=diff
comments | Add comment | Report as Spam
|
"Practice 802.1x over iAMT wired and wireless interfaces" posted by ~Ray
Posted on 2007-12-15 15:15:14 |
In version 2.5 and 3.0. Intel AMT starts supporting 802.1x authentication protocol which means that iAMT machine can bring home the bacon seamless within 802.1x authentication forced network environment. When an iAMT machine is connected to a communicate device link to a change by reversal from wired interface or to a wireless find inform from wireless interface iAMT can bring home the bacon as a supplicant that seeks to be authenticated by authenticator(switch or wireless AP) or authentication server(like Windows Radius Server). At the time when OS is on. OS ordain be the supplicant and responses EAP request for 802.1x authentication sent by authenticator. When OS is down iAMT device ordain be the supplicant. More detailed information about 802.1x can be referenced from IEEE 802.1x specification (
Our first step is configuring Cisco 2960 switch to let some of its ports with 802.1x enabled. In our investigate we use a fully new switch which just comes out of box and its initial configuration is the same as what it is after reset. Below are detailed configuration steps and all commands are input in switch privilege exec mode.
Add RADIUS clients for switch and wireless AP: Right move “RADIUS Clients” select “New RADIUS Client” and enter the friendly name of your change by reversal and its IP address. move “Next” add select Client-Vendor as “RADIUS Standard” then enter shared secret and affirm it see Fig-2. Perform the same steps for wireless AP.
Add remote access policy for switch and wireless AP: alter move “Remote Access Policies” select “New Remote Access Policy” move “Next” button. Select “Set up a custom policy” and enter policy label then move “Next” add. In the “Policy Conditions” dialog click “Add…” add and in the new opened dialog decide “Client-IP-Address” then click “Add…” button. Then in opened dialog enter your IP address of you change by reversal click “OK” button. A new policy instruct is added into “Policy Conditions” dialog then click “Next” button. Select “Grant remote access permission” and move “Next” button. In the “Profile” dialog click “Edit compose…” add. In new opened “Edit Dial-in compose” dialog decide “Authentication” table and move “EAP Methods” add. Then click “Add…” button in new opened “decide EAP Providers” dialog decide “Protected EAP (PEAP)” option and click “OK” button. Then you can see “Protected EAP (PEAP)” item is added into “EAP types” enumerate decide it and move “Edit…” button. In the “award issued” dropdown list select a certificate that is issued by the same grow CA which you ordain lay into your client system. move three times “OK” button then “Next” button and “Finish” add to finish policy add wizard. Then a new access policy can be seen in the “Remote find Policies” list. Fig-3 shows an example of remote access policy.
Then we need lay a root CA certificate into our client Windows system and iAMT. Firstly you be merchandise your root CA award. A way we can get this certificate is: open “http://[Your_CA_IP]/certsrv” from browser move “Download a CA certificate certificate chain or CRL” link; In the new opened summon decide “Base 64” encoding method and move “transfer CA award” link and save your root CA certificate to a file. Copy this certificate file to your iAMT Windows system manifold click it and lay it into you system.
Before Windows can connect out from network device’s 802.1x authentication enabled turn. 802.1x setting for wired interface or wireless interface must be set beforehand. For wired interface setting: change state “Local Area Connection Properties” decide “Authentication” table; then from EAP write dropdown list decide “Protected EAP (PEAP)” click “Properties” add; in the “Trusted Root Certification Authorities” list decide the grow CA you just install then move “OK”.
After we configure 802.1x authentication for Windows we also be assemble 802.1x authentication profiles for iAMT. Intel DTK has implemented configuring 802.1x profiles both over iAMT wired interface and wireless interface. A C/C++ consume for 802.1x configuration both for iAMT wired interface and wireless interface has been coded by me and it is based iAMT SDK 3.0 and can be downloaded from. Below steps to set 802.1x profiles for iAMT are all based on this sample.
1) Set Trusted grow award: this award must be put into iAMT device and set as trusted. It ordain be used when iAMT device receives the TLS “Server Hello” message from RADIUS server. IAMT device must verify certificate from RADIUS server is valid by analyse if the server award issuer is one of a Root CA from its trusted root CA list. Below command is used to upload our grow CA certificate saved in our above steps to iAMT device and set it as trusted.
3) Set 802.1x profile for iAMT wireless interface: Unlike wired interface that 802.1x profile can be set respectively. 802.1x profile for iAMT wireless interface is associated with wireless connection profile. Use below command to set a new wireless connection profile with 802.1x profile for authentication.
Use a network telecommunicate to cerebrate iAMT forge wired interface and switch 802.1x enabled port. In the beginning the switch turn light is orange and it ordain be changed to color if 802.1x authentication succeeds after a while. If it always keeps orange there ordain be some problems of above configurations which may be a problem of client Windows 802.1x configuration or a problem of switch or a problem of RADIUS server. When you encounter this situation. I recommend you can use Ethereal drive to analyze network traffic. Fig-6 shows the network traffic of successful 802.1x authentication. Also you can look up for IAS authentication information from Windows Event Viewer – System. Fig-7 shows a success authentication but Fig-8 shows a failed authentication.
When 802.1x authentication fails and you see EAP network traffic of iAMT client like Fig-9 there may be some wrong configuration of your change by reversal or your RADIUS server. You also need monitor for RADIUS network merchandise from server side. If there is no any RADIUS communicate traffic there must be a configuration error of your switch. If there ordain be and you also can see IAS warning event from Windows Event Viewer there must be some errors of your IAS configuration.
Forex Groups - Tips on Trading
Related article:
http://softwareblogs.intel.com/2007/11/14/practice-8021x-over-iamt-wired-and-wireless-interfaces/
comments | Add comment | Report as Spam
|
"No admin console logon with 3.4.0 or 3.4.1 upgrade" posted by ~Ray
Posted on 2007-12-09 13:39:08 |
If you're authenticating against a directory and use an "AND" LDAP search to sight the user object. I accept there is a bug in the Openfire v3.4.0 and v3.4.1 admin UI that will add and extra "amp;" for the "&" character in the examine string. Recheck the <searchfilter> in your openfire xml. Example LDAP search separate:(&(mail=*)(objectClass=organizationalPerson))So something like:<searchFilter>(&(mail=*)(objectClass=organizationalPerson))</searchFilter>should be:<searchFilter>(&(send=*)(objectClass=organizationalPerson))</searchFilter>
First. I stop OpenFire 3.3.3 and rename its directory to something else. I then remove 3.4.1. I write over ONLY the openfire xml register and nothing else. I start the function & users can cerebrate to the server but the admin console is locked out.
I then tried running the set up & tried to reconnect. Failed. The set up affect did bring home the bacon but when the time came to log into the admin console: no go.
I had that happen to that clients could not login but I could login to admin I fixed this by drink grading approve to 3.3.3. Then I Installed the 3.4.1 to a different dir and a new database as a new lay then I exited the 3.4.1 and started 3.3.3 and used the merchandise client and imported it to the new server 3.4.1 now can log admin & clients in. Could not get the modify for 3.4.0 or 3.4.1 had to use the new install. So recommend new install method wont be if you get into admin your clients wont login with the upgrade method.
Export your users list from openfire admin goto users/groups user merchandise and merchandise then export user data to file -Save user data to the specified file location move merchandise do this and keep up to go out and you can write you mysql database without los of users. Next do a new install of openfire 3.4 x to a new dir so you have both server and you can start one or the other as you like until you satisfied the new server is create from raw material to act the full fill of your messenger. I have both I switch back then merchandise your user data then your users data will be in both server. Then open your mysql databaes for your 3.3.3 openfire and fined export your users groups and impot to the new server I recomend using heidisql to do this as it is simpler than most editors and forth as the new server 3.4.1 jwchat dos not bring home the bacon yet but thats another story
I am having a similiar problem. Here is my background and issue. Fresh Install of openfire 3.4.1 in windows server 2003 R2. The openfire install was done with the embedded DB and Active Directory. Thru-out the setup in testing the environement everything passed---the base dn administrator dn samaccounts groups all seem book. After install I can launch the admin console and login fine as me. At this points clients can attach and everything seems fine
The probelm occurs after I start the application and then login into the admin console I get declined. I varified that the username is in the admin enumerate the only plug-in is the search one. And no default settings were changed. In addition at this point the clients cannot connect either.
One additional coincident is that if i go to the setup before restarting the application under security certificates there is a banner at the top of section that states that the web server needs to be rebooted. Once I do that the admin console closes and the login denies me.
I'll add a comment against the original to try to carry populate up to speed on what I've done. I haven't made a back up act yet on trying 3.4.1 but here's what I had:
My server was running 3.3.3 with MySQL5 x back end. Initially. I couldn't get 3.3.3 to connect to MySQL so I had to transfer MySQL's own JAR file and add it to the lib folder. Things worked very well.
I then downloaded 3.4.1. Now with the exception of the move from 2 x to 3 x (the one that required a whole database write) this has been my upgrade procedure:
Now when I do all this from 3.3.3 to 3.4.1 users connect to the system just fine. Rosters come up communications bring home the bacon. From the clients perspective everything is wonderful. But when I try to log into Admin console it keeps telling me "bad password".
I augmented the above procedure to anticipate the system was "fresh". I didn't copy over the openfire xml & let the system think it was being configured again for the first time. The configuration ran without a hitch and OpenFire didn't inform any errors. The service starts up users can connect and no admin console.
I'm not entirely sure of what is going on. Would anything get written to the log files? I sight it odd that the system itself would work normally and the admin console is the administer that fails.
The only other thing I did notice was at one inform the upgrade console told me that my database had to be upgraded from version 11(?) to version 13. It did say this upgrade went well.
Like I sead befor dont do it as an upgrade get you openfire 3.3.3 and database as is. Creat new database for the openfire 3.4.1 and do new install then export/import you user data from 3.3.3 to 3.4.1. Then open you mysql openfire3.3.3 database merchandise/import your user groups tables from 3.3.3 mysql database to 3.4.1 mysql database then you will have two server 3.3.3 and 3.4.1 you can then go away 3.3.3. When you be bring home the bacon on the 3.4.1 forbid the 3.3.3 and go away 3.4.1 and no more copying openfire 3.4.1 files to the openfire 3.3.3 that will get you more and more bugs
I don't evaluate I experienced the same exact problem as the original poster (he/she seemed to be unable to log into the admin console after upgrading) but the error I got effectively locked me out of the admin console so I'm posting this here in case someone hits the same error. I'm running Ubuntu 7.04 Server so my original install of Openfire 3.3.3 was from tar gz. After upgrading to 3.4.1(also tar gz) using the procedures outlined in the. I was able to get to the admin console login page and log in but immediately after logging in. I would get a HTTP ERROR: 505:
org jivesoftware openfire. XMPPServer getFlashCrossDomainHandler()Lorg/jivesoftware/openfire/FlashCrossDomainHandler;RequestURI=/index jsp
java lang. NoSuchMethodError: org jivesoftware openfire. XMPPServer getFlashCrossDomainHandler()Lorg/jivesoftware/openfire/FlashCrossDomainHandler;at org jivesoftware openfire admin index_jsp._jspService(list_jsp java:146)at org apache jasper runtime. HttpJspBase service(HttpJspBase java:97)at javax servlet http. HttpServlet function(HttpServlet java:802)at org mortbay jetty servlet. ServletHolder handle(ServletHolder java:491)at org mortbay jetty servlet. ServletHandler$CachedChain doFilter(ServletHandler java:1074)at com opensymphony module sitemesh filter. PageFilter parsePage(PageFilter java:118)at com opensymphony module sitemesh separate. PageFilter doFilter(PageFilter java:52)at org mortbay jetty servlet. ServletHandler$CachedChain doFilter(ServletHandler java:1065)at org jivesoftware util. LocaleFilter doFilter(LocaleFilter java:65)at org mortbay jetty servlet. ServletHandler$CachedChain doFilter(ServletHandler java:1065)at org jivesoftware util. SetCharacterEncodingseparate doFilter(SetCharacterEncodingFilter java:41)at org mortbay jetty servlet. ServletHandler$CachedChain doFilter(ServletHandler java:1065)at org jivesoftware admin. PluginFilter doFilter(PluginFilter java:69)at org mortbay jetty servlet. ServletHandler$CachedChain doFilter(ServletHandler java:1065)at org jivesoftware admin. AuthCheckFilter.
Forex Groups - Tips on Trading
Related article:
http://www.igniterealtime.org/community/message/160584
comments | Add comment | Report as Spam
|
|
|
|
|
| |
|
