Opened 11 years ago

Closed 9 years ago

Last modified 9 years ago

#1121 closed feature-request (Invalid)

Add a "new user" command in deluge-console

Reported by: klub Owned by:
Priority: minor Milestone:
Component: Console UI Version: 1.3.3
Keywords: Cc:

Description

When you want to add a new user for deluged daemon, you must add by hand <user>:<pass> in .config/deluge/auth

By this way, it is difficult to encrypt the password.

It should be great to add a new command in deluge-console like:

config -s new_user user:password

and encrypt the password before to write it in auth file. pass

Change History (4)

comment:1 Changed 11 years ago by andar

  • Resolution set to invalid
  • Status changed from new to closed

The passwords in the auth file are stored in plaintext and should not be encrypted.

comment:2 Changed 9 years ago by fgeek

  • Resolution invalid deleted
  • Status changed from closed to reopened
  • Version changed from 1.2.0_rc5 to 1.3.3

Why passwords should not be encrypted and there could be way to add new users via GUI after you user has authenticated. In my opinion this ticket should not be closed yet.

comment:3 Changed 9 years ago by johnnyg

  • Resolution set to invalid
  • Status changed from reopened to closed

The reporter thought the passwords in the auth file were encrypted and was therefore suggesting a command which would automate the encryption process. As the passwords are actually stored as plain text there is no need for such a command and hence the ticket is invalid.

This ticket is NOT about whether or not the authentication file should be encrypted. Feel free to create a new ticket if you wish to suggest that feature.

comment:4 Changed 9 years ago by cinderblock

This bug, according to it's title, is about adding a "command" to deluge to edit it's saved user config file, from within one of the UIs. This suggestion has two main roadblocks:

This would enable (unless you put in extra infallible checks in) the user to delete his own access.

By explicitly not allowing the UI to edit it's own config file, it becomes the owner of the machine's job (often root) to establish and maintain that list of users in a deluge independent way. In ideal setups, this means encrypted passwords are only needed so a passing admin doesn't see a password of one of his or her users.

I'd bet deluge developpers would like to stay away from taking on the task of security management and thus this implementation will likely stay the same for a while.

As others have said, if you'd like to have passwords in the config file stored encrypted, make a new ticket. Each ticket should be about one, and only one, issue.

Note: See TracTickets for help on using tickets.