|
Grex > Coop > #299: Discussion of newuser. | |
|
| Author |
Message |
| 25 new of 85 responses total. |
nharmon
|
|
response 41 of 85:
| 
Dec 10 17:21 UTC 2010 |
Sometimes big reforms require small changes be implemented first, veek.
|
cross
|
|
response 42 of 85:
|
Dec 10 17:31 UTC 2010 |
resp:40 I'm sorry, veek, but you appear to have a very, very
small-system mindset. History has shown that we can't just give
shell access to Grex. It sucks, but there it is. Are you going
to clean up after the Chad's of the world? No. Odds are good that
I'm going to be the one who cleans up the messes. In that context,
I am *so* unconcerned about someone having to take a few extra
*seconds* to check their email to get a password.
If we had a web pages that didn't look like they dated from 1994,
maybe we'd have more users for this to be an issue. But we don't,
and it's not. Let's work on things that are important, like getting
the web pages up to date, and then we can start worrying about this
stuff.
|
tsty
|
|
response 43 of 85:
|
Dec 11 07:16 UTC 2010 |
i;m glad cross is redoing newuser ... miy comment was historical.
the futeur wiell be differnet... and if newuewr creates NO passwed for the
new logins ... doenslt that open the flooldgarttes? charlie woueild object?
|
cross
|
|
response 44 of 85:
|
Dec 11 22:05 UTC 2010 |
resp:43 I don't understand. Newuser *does* create a password for the
user. Who's charlie?
|
jgelinas
|
|
response 45 of 85:
|
Dec 12 13:24 UTC 2010 |
I think you are moving in the right direction, cross. I only wish I
could be more useful in the endeavour.
|
kentn
|
|
response 46 of 85:
|
Dec 12 14:51 UTC 2010 |
It's helpful to show support, Joe. Thanks!
|
tsty
|
|
response 47 of 85:
|
Dec 13 17:04 UTC 2010 |
re 45 ... what gelinas said.
re 43 ... ummm, newuser process prompts new-loginid to create a passwd.
then why email that pasaswd to new-logoind's alt email addrs? or does
the newuwer process wipe out new-logoind's self-created passwd, assign a new
passwd and then email that onwe ?
as of now, i can see every bad reason to email passwds and no good ones.
charlie == charlie root ... from whom we (both??) eget daily emails. eh?
|
cross
|
|
response 48 of 85:
|
Dec 13 17:09 UTC 2010 |
resp:43 Are you talking about the captcha? That's not the user's password.
|
tsty
|
|
response 49 of 85:
|
Dec 14 02:58 UTC 2010 |
putty now has a capthca ???? i;ll have to look at teh web version again.
|
remmers
|
|
response 50 of 85:
|
Dec 14 17:08 UTC 2010 |
I like the email and captcha features in pnewuser. They're definitely
in line with common practice nowadays.
Hm, a while back I think I said I was going to post suggestions on what
newuser should say in its dialog with the user. Well, I'm on vacation
now so that's been pushed back a bit, but I'll try to get on it once I'm
home.
Speaking of dialog, one of the features of the Marcus Watts newuser was
that messages newuser put out were stored in plain text files editable
by non-programmers and read by the program at runtime. That's a nice
configurability feature. I realize that pnewuser is written in Perl, so
that's less of an issue, but I think it would be desirable to be able to
configure pnewuser's messages without touching the source code.
|
kentn
|
|
response 51 of 85:
|
Dec 14 19:00 UTC 2010 |
I went through the current command line newuser the other day, and saw
the captcha feature, too (it looks like figlet lettering). The email
feature worked nicely. It gave me the temporary password and told how
to log in via ssh, which is a good thing. When I used the password to
log in, it immediately had me change it so the user gets to use their
desired password (also a good thing). What I had trouble finding,
though I may have missed it in all the text that flowed by, was how
to get validated. That probably should be part of the resh allowed
commands list so that users will find it right away, and part of the
instructions when you log in if you are a resh user. Again, I may have
missed it, but it wasn't immediately obvious to me.
|
veek
|
|
response 52 of 85:
|
Dec 14 19:09 UTC 2010 |
is the src available for viewing? we could modify it to make sure users
understand the risks.. seen that in eclipse.cs.pdx.edu:7680, it's a
MUD. They ask the users a lot of questions that they have to get right,
before they are allowed into the main area. eg: Dear user, is it safe
for you to use the same password to signin to Grex, that you would use
at your bank web-site? and he would have to answer no.. stuff like that
given the privacy issues we now face.. it would give us a bit of
leeway.
|
nharmon
|
|
response 53 of 85:
|
Dec 14 19:18 UTC 2010 |
I too tested the command line new user recently and liked it a lot.
|
veek
|
|
response 54 of 85:
|
Dec 14 19:30 UTC 2010 |
resp:52 nm found it
|
cross
|
|
response 55 of 85:
|
Dec 15 00:48 UTC 2010 |
I am typing on my phone, so excuse the brevity. All the text is still in text
files. Source is in subvversion. It probably needs a soak.
|
tsty
|
|
response 56 of 85:
|
Dec 15 01:12 UTC 2010 |
i am -elated- taht newuser text&html have had the cross-soak applied.
that it took this much rancor to get there .. well, someitmes it does.
tnx cross & testers.
|
cross
|
|
response 57 of 85:
|
Dec 15 16:39 UTC 2010 |
Web newuser is still broke.
|
kentn
|
|
response 58 of 85:
|
Dec 15 16:44 UTC 2010 |
But on our collective list to get fixed Real Soon Now.
|
cross
|
|
response 59 of 85:
|
Dec 15 16:46 UTC 2010 |
True dat.
|
tsty
|
|
response 60 of 85:
|
Dec 15 17:50 UTC 2010 |
jsut di d the web thing this time/date:
Error in Account Creation
Your application for an account on Grex has not been processed due to a system
problem.
* Could not access directory /usr/noton/nu/
Sorry.
|
tsty
|
|
response 61 of 85:
|
Dec 15 17:51 UTC 2010 |
however i did notice this selectable option:
Privacy: Who may see the information in
this section of the form?
All users.
Grex staff
only.
validate necessitates, sometimes, 'grex staff only'.
i;ll try the cli version
|
tsty
|
|
response 62 of 85:
|
Dec 15 17:59 UTC 2010 |
he captcha -is- case sensitive ... that needs to be -clear-.
|
tsty
|
|
response 63 of 85:
|
Dec 15 17:59 UTC 2010 |
re 57 ... oops didin;t see that .. my bad.
|
cross
|
|
response 64 of 85:
|
Dec 15 18:14 UTC 2010 |
resp:61 That has NOTHING to do with validation. That's just managing a
user's expectations so that they understand that staff *can* read their files;
that doesn't mean that staff *should*.
|
richard
|
|
response 65 of 85:
|
Dec 15 22:07 UTC 2010 |
sounds like the issue is that too many staffers have root access.
Change the root pw and declare that one, and only one person, has that
access. Designate one person the root staffer. This eliminates issues
like what was being discussed with TS. Most staff work doesn't require
root does it?
|