[Christopher Molnar <molnarc@nebsllc.com>] Have a question on "new entry" and patch

Christopher Molnar molnarc@nebsllc.com
Mon, 14 May 2001 05:58:59 -0400


Hello,

> 
> The table gncSession is supposed to store this kind of info.


OK, I thought that it was cleared out between sessions, but if it stays
that will work.

> 
> it already stores 'login' (as login_name)
> and the 'fullname' (as gecos) (maybe gecos is a bad name; but that's
> what the name of the field that contains the full user name and office,
> and phone #, in /etc/passwd)  See for example pgendGetUserGecos
> in PostgresBackend.c  Could change the name if you insist.

Nope, that will work. (Don't change it if it's not broken).

> 
> storing passwords is a generically bad idea (never mind that kerberos
> or public key logins won't have passwords)

I have a problem here. As soon as anything is opened to the web I need a
login / password from the browser. I was trying to use a db passwd/login
at an app level and allow an admin user to create additional
logins/passwds for the app only. Adds a level of security. Without
storing the passwd this is almost an impossibility. Do you have any
suggestions?

> 
> idcode -- don't know what that is. If it's the unix uid, then I decided
> not to store that, mostly because I figured it could change from
> machine to machine, and also be inapplicable to kerberos or public key
> logins.

No, just a short identifying string for every user. I guess not really
needed.

> 
> The gncsession also contains other info: login hostname, time of login,
> time of logout.  We can add more fields to that table, if it is
> useful...
> 

OK, I didn't realize that that table existed. (I am having a hard time
finding any docs on what the tables contain so it's sort of guess work).
The only one I really need to do something about is the password for the
web based login.

> Does that help?

Yes.

Thanks,
Chris