Easy way to reset local user passwords?

[Terry McGuire <tm...@ualberta.ca>]

Hey folks.  We're about to go live with our VCL pilot project, and at this stage we're staying with local VCL accounts.  In the future we'll be wiring things into our institutional ldap environment, but we're not there yet and we need to find a way to function with about 50 local users, growing perhaps to 150 in January.  One obvious challenge we see coming is with folks forgetting passwords.

I don't see a facility in the web interface for admin users to reset passwords.  Have I missed it somewhere?  Is there some sort of tool somewhre else?  Assuming not, I'm going to have to build something relatively user-friendly for our helpdesk staff to use.  (The helpdesk won't be doing any overall VCL admin - just password resets and the like.)  Can anyone suggest a good approach to doing such a thing?  Please keep in mind that we don't want to get too fancy, as we'll only need to be doing this for maybe a year or so.

Thanks in advance for any and all suggestions.

Regards,
Terry McGuire

Re: Easy way to reset local user passwords?

[Terry McGuire <tm...@ualberta.ca>]

Perfect!  Thanks heaps, Josh.  I'll just wrap some pretty php around this and we'll be in business.

Terry

On 30 Aug 2011, at 1159h, Josh Thompson wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Terry,
> 
> Assuming you have a way to authenticate your helpdesk staff, I'd create a web 
> tool that allows them to enter a userid and password which will then set the 
> password for that userid in VCL.
> 
> To set the password, you'd follow these steps, I'll use USERID and NEWPASS to 
> represent the userid and the string entered as the new password by the 
> helpdesk staff:
> 
> - -get the id from the user table for the user:
>  SELECT id FROM user WHERE unityid = 'USERID' AND affiliationid = 1
>  I'll use 'theuserid' to refer to the returned value
> 
> - -get salt for user from localauth table:
>  SELECT salt FROM localauth WHERE userid = theuserid
>  I'll use 'thesalt' to refer to the returned value
> 
> - -create a hash of the salt and the new password:
>  echo -n 'NEWPASSthesalt' | sha1sum
>  I'll use 'thehash' to refer to the returned value
> 
> - -update the localauth table
>  UPDATE localauth SET passhash = 'thehash', lastupdated = NOW() WHERE userid 
> = theuserid
> 
> Josh  
> 
> On Tuesday August 30, 2011, Terry McGuire wrote:
>> Hey folks.  We're about to go live with our VCL pilot project, and at this
>> stage we're staying with local VCL accounts.  In the future we'll be
>> wiring things into our institutional ldap environment, but we're not there
>> yet and we need to find a way to function with about 50 local users,
>> growing perhaps to 150 in January.  One obvious challenge we see coming is
>> with folks forgetting passwords.
>> 
>> I don't see a facility in the web interface for admin users to reset
>> passwords.  Have I missed it somewhere?  Is there some sort of tool
>> somewhre else?  Assuming not, I'm going to have to build something
>> relatively user-friendly for our helpdesk staff to use.  (The helpdesk
>> won't be doing any overall VCL admin - just password resets and the like.)
>> Can anyone suggest a good approach to doing such a thing?  Please keep in
>> mind that we don't want to get too fancy, as we'll only need to be doing
>> this for maybe a year or so.
>> 
>> Thanks in advance for any and all suggestions.
>> 
>> Regards,
>> Terry McGuire
> - -- 
> - -------------------------------
> Josh Thompson
> VCL Developer
> North Carolina State University
> 
> my GPG/PGP key can be found at pgp.mit.edu
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (GNU/Linux)
> 
> iEYEARECAAYFAk5dJOoACgkQV/LQcNdtPQP+QwCdEzfTlTECBRxewg06F+N0ApxU
> U7MAn166GjpoKS747YAb80GkPOkwIw5Q
> =JD2q
> -----END PGP SIGNATURE-----
> 

Re: Easy way to reset local user passwords?

[Josh Thompson <jo...@ncsu.edu>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Terry,

Assuming you have a way to authenticate your helpdesk staff, I'd create a web 
tool that allows them to enter a userid and password which will then set the 
password for that userid in VCL.

To set the password, you'd follow these steps, I'll use USERID and NEWPASS to 
represent the userid and the string entered as the new password by the 
helpdesk staff:

- -get the id from the user table for the user:
  SELECT id FROM user WHERE unityid = 'USERID' AND affiliationid = 1
  I'll use 'theuserid' to refer to the returned value

- -get salt for user from localauth table:
  SELECT salt FROM localauth WHERE userid = theuserid
  I'll use 'thesalt' to refer to the returned value

- -create a hash of the salt and the new password:
  echo -n 'NEWPASSthesalt' | sha1sum
  I'll use 'thehash' to refer to the returned value

- -update the localauth table
  UPDATE localauth SET passhash = 'thehash', lastupdated = NOW() WHERE userid 
= theuserid

Josh  

On Tuesday August 30, 2011, Terry McGuire wrote:
> Hey folks.  We're about to go live with our VCL pilot project, and at this
> stage we're staying with local VCL accounts.  In the future we'll be
> wiring things into our institutional ldap environment, but we're not there
> yet and we need to find a way to function with about 50 local users,
> growing perhaps to 150 in January.  One obvious challenge we see coming is
> with folks forgetting passwords.
> 
> I don't see a facility in the web interface for admin users to reset
> passwords.  Have I missed it somewhere?  Is there some sort of tool
> somewhre else?  Assuming not, I'm going to have to build something
> relatively user-friendly for our helpdesk staff to use.  (The helpdesk
> won't be doing any overall VCL admin - just password resets and the like.)
>  Can anyone suggest a good approach to doing such a thing?  Please keep in
> mind that we don't want to get too fancy, as we'll only need to be doing
> this for maybe a year or so.
> 
> Thanks in advance for any and all suggestions.
> 
> Regards,
> Terry McGuire
- -- 
- -------------------------------
Josh Thompson
VCL Developer
North Carolina State University

my GPG/PGP key can be found at pgp.mit.edu
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)

iEYEARECAAYFAk5dJOoACgkQV/LQcNdtPQP+QwCdEzfTlTECBRxewg06F+N0ApxU
U7MAn166GjpoKS747YAb80GkPOkwIw5Q
=JD2q
-----END PGP SIGNATURE-----