#1121 closed feature-request (Invalid)
Add a "new user" command in deluge-console
Reported by: | klub | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | Console UI | Version: | 1.3.3 |
Keywords: | Cc: |
Description
When you want to add a new user for deluged daemon, you must add by hand <user>:<pass> in .config/deluge/auth
By this way, it is difficult to encrypt the password.
It should be great to add a new command in deluge-console like:
config -s new_user user:password
and encrypt the password before to write it in auth file. pass
Change History (4)
comment:1 by , 15 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
comment:2 by , 13 years ago
Resolution: | invalid |
---|---|
Status: | closed → reopened |
Version: | 1.2.0_rc5 → 1.3.3 |
Why passwords should not be encrypted and there could be way to add new users via GUI after you user has authenticated. In my opinion this ticket should not be closed yet.
comment:3 by , 13 years ago
Resolution: | → invalid |
---|---|
Status: | reopened → closed |
The reporter thought the passwords in the auth file were encrypted and was therefore suggesting a command which would automate the encryption process. As the passwords are actually stored as plain text there is no need for such a command and hence the ticket is invalid.
This ticket is NOT about whether or not the authentication file should be encrypted. Feel free to create a new ticket if you wish to suggest that feature.
comment:4 by , 13 years ago
This bug, according to it's title, is about adding a "command" to deluge to edit it's saved user config file, from within one of the UIs. This suggestion has two main roadblocks:
This would enable (unless you put in extra infallible checks in) the user to delete his own access.
By explicitly not allowing the UI to edit it's own config file, it becomes the owner of the machine's job (often root) to establish and maintain that list of users in a deluge independent way. In ideal setups, this means encrypted passwords are only needed so a passing admin doesn't see a password of one of his or her users.
I'd bet deluge developpers would like to stay away from taking on the task of security management and thus this implementation will likely stay the same for a while.
As others have said, if you'd like to have passwords in the config file stored encrypted, make a new ticket. Each ticket should be about one, and only one, issue.
The passwords in the auth file are stored in plaintext and should not be encrypted.