Documentation UserIdResolvers missing password attribute

I set up an SQL Resolver with the column names found in the attribute
mapping list
https://privacyidea.readthedocs.org/en/latest/configuration/useridresolvers.html?highlight=useridresolver#sql-resolver.
I got problems in some places and it stopped when I also added a password
column to my MySQL database table and updated my SQL mapping. I think
the password attribute is missing in the documentation?

Looks good.
I am thinking this way: I am starting from scratch by creating a users table
and want to implement something that privacyidea likes. Let's say this table
will not be managed by privacyidea. What is the recommended way to store
passwords? That is not described in your documentation and maybe should be
there.

Another thing:
When using the “add user” feature within the webgui, there also exists a
“Description” field. That is not described in the documentation.

Hi Nicke,

I added a short documentation about the passwords.

"""

Note

There is no standard way to store passwords in an SQL database. There
are several different ways to do this. privacyIDEA supports the most
common ways like Wordpress hashes starting with $P or $S. Secure hashes
starting with {SHA} or salted secure hashes starting with {SSHA},
{SSHA256} or {SSHA512}. Password hashes of length 64 are interpreted as
OTRS sha256 hashes.
"""

This will be on readthedocs shortly.

Thanks for your input.

Kind regards
Cornelius

On Friday, 12.02.2016, at 14:36 +0100, Cornelius Kölbel wrote:

Hi Nicke,

you are right. “password” is not mentioned.
There is no standard way how passwords are stored and checked in an SQL
database. privacyIDEA supports a bunch of them.
https://github.com/privacyidea/privacyidea/blob/master/privacyidea/lib/resolvers/SQLIdResolver.py#L355
(Wordpress style, OTRS style, SHA and several secure SHA ways)

Stopped working? Check your configuration and the privacyIDEA debug log.

Kind regards
Cornelius



Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
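
The salted formats named in the note above, generated and checked for a self-managed users table. This is an added example, not part of the thread and not privacyIDEA's own code; it assumes the LDAP-style layout prefix + base64(digest(password + salt) + salt), and the function names and the sample value are made up for illustration.

```python
import base64
import hashlib
import hmac
import os

# Prefix -> (hashlib name, digest length in bytes) for the salted schemes in the note.
SALTED = {"{SSHA}": ("sha1", 20), "{SSHA256}": ("sha256", 32), "{SSHA512}": ("sha512", 64)}


def classify(stored):
    """Name the scheme of a stored value, using only the rules quoted in the note."""
    if stored.startswith(("$P", "$S")):
        return "wordpress"
    for prefix in ("{SSHA512}", "{SSHA256}", "{SSHA}", "{SHA}"):
        if stored.startswith(prefix):
            return prefix.strip("{}").lower()
    if len(stored) == 64:
        return "otrs-sha256"
    return "unknown"


def make_salted(password, scheme="{SSHA512}", salt=None):
    """Build prefix + base64(digest(password + salt) + salt) (assumed LDAP layout)."""
    algo, _ = SALTED[scheme]
    salt = os.urandom(16) if salt is None else salt  # fresh random salt per user
    digest = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return scheme + base64.b64encode(digest + salt).decode("ascii")


def verify_salted(password, stored):
    """Recompute the digest with the stored salt and compare in constant time."""
    scheme = "{" + classify(stored).upper() + "}"
    if scheme not in SALTED:
        return False  # unsalted, Wordpress or unknown values are not handled here
    algo, dlen = SALTED[scheme]
    try:
        raw = base64.b64decode(stored[len(scheme):], validate=True)
    except ValueError:
        return False  # malformed base64 in the password column
    digest, salt = raw[:dlen], raw[dlen:]
    if len(digest) != dlen:
        return False  # truncated value, e.g. a column that is too narrow
    candidate = hashlib.new(algo, password.encode("utf-8") + salt).digest()
    return hmac.compare_digest(candidate, digest)


# Constructed sample value for the password column (fixed salt only for the demo).
SAMPLE = make_salted("correct horse", "{SSHA512}", salt=b"constructed-salt")
```

With a 16-byte salt an {SSHA512} value is 117 characters long, so the password column has to be at least that wide or the stored value is truncated and never verifies.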


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Hi Nicke,

you are right. “password” is not mentioned.
THere is no standard way how passwords are stored and checked in an SQL
database. privacyIDEA supports a bunch of them.

(Wordpress style, OTRS style, SHA and several secure SHA ways)

Stopped working? Check your configuration and the privacyIDEA debug log.

kind regards
COrneliusAm Freitag, den 12.02.2016, 04:38 -0800 schrieb ‘Nicke’ via privacyidea:

I set up a SQL Resolver with the column names found in the attribute
mapping list. I got problems in some places and it stopped when I
added password column also to my MySQL database table and updated my
SQL mapping. I think password attribute is missing in the
documentation?

Please read the blog post about getting help
Getting help – privacyID3A.

For professional services and consultancy regarding two factor
authentication please visit
One Time Services - NetKnights - IT-Sicherheit - Zwei-Faktor-Authentisierung - Verschlüsselung

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT
which suites your needs for SECURITY, AVAILABILITY and LIABILITY:
privacyIDEA Support Level

You received this message because you are subscribed to the Google
Groups “privacyidea” group.
To unsubscribe from this group and stop receiving emails from it, send
an email to privacyidea+unsubscribe@googlegroups.com.
To post to this group, send email to privacyidea@googlegroups.com.
Visit this group at https://groups.google.com/group/privacyidea.
To view this discussion on the web visit
https://groups.google.com/d/msgid/privacyidea/28251e34-5a8e-4f22-bc16-291f99142437%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.


Cornelius Kölbel
@cornelinux
+49 151 2960 1417

NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel

signature.asc (836 Bytes)

Ah, great feedback.
I'll take a look at privacyidea-create-userdb.

Hey Nicke,

let me guess: You are the software tester and QA manager in your
company? :wink:

Yeah, there might be no documentation for a field description. But maybe
this is obvious. Do you know these software products where you open the
help screen and it tells you:

“Description - here you may enter a description for the user”.

Many products work this way. And I always disliked it.
Or take the checkbox

“this resolver is editable”

The documentation might be: “If you click this checkbox, you mark the
resolver as editable.”

This is just waste. The documentation needs to explain to you that an
editable resolver means, that privacyIDEA can write into the resolver to
modify user data. So that even users can be managed from within
privacyIDEA. That this is only implemented for SQL at the moment, since
modifying SQL is more straightforward than modifying LDAP or parsing
plain text files…

(of course also privacyIDEA documentation needs improvement. All
documentation does)

Don’t get me wrong. I appreciate all feedback and input. Feel free to
either point out other flaws or even do a pull request. Also on
documentation if you think it is worth adding additional chapters.

As far as the easy editable user resolver or recommended password field
is concerned, there is a shell script

privacyidea-create-userdb

which creates an SQLite user DB at /etc/privacyidea/users.sqlite and in
addition creates the resolver and realm accordingly.

It instruments the commands

pi-manage resolver create

and

pi-manage realm create

Take a look at it to get an idea, how you could easily create your user
table in any other database.

Kind regards
Cornelius