Opened 15 years ago

Closed 13 years ago

Last modified 13 years ago

#1121 closed feature-request (Invalid)

Add a "new user" command in deluge-console

Reported by: klub Owned by:
Priority: minor Milestone:
Component: Console UI Version: 1.3.3
Keywords: Cc:

Description

When you want to add a new user for deluged daemon, you must add by hand <user>:<pass> in .config/deluge/auth

By this way, it is difficult to encrypt the password.

It should be great to add a new command in deluge-console like:

config -s new_user user:password

and encrypt the password before to write it in auth file. pass

Change History (4)

comment:1 by andar, 15 years ago

Resolution: invalid
Status: newclosed

The passwords in the auth file are stored in plaintext and should not be encrypted.

comment:2 by Henri Salo, 13 years ago

Resolution: invalid
Status: closedreopened
Version: 1.2.0_rc51.3.3

Why passwords should not be encrypted and there could be way to add new users via GUI after you user has authenticated. In my opinion this ticket should not be closed yet.

comment:3 by John Garland, 13 years ago

Resolution: invalid
Status: reopenedclosed

The reporter thought the passwords in the auth file were encrypted and was therefore suggesting a command which would automate the encryption process. As the passwords are actually stored as plain text there is no need for such a command and hence the ticket is invalid.

This ticket is NOT about whether or not the authentication file should be encrypted. Feel free to create a new ticket if you wish to suggest that feature.

comment:4 by Cameron Tacklind, 13 years ago

This bug, according to it's title, is about adding a "command" to deluge to edit it's saved user config file, from within one of the UIs. This suggestion has two main roadblocks:

This would enable (unless you put in extra infallible checks in) the user to delete his own access.

By explicitly not allowing the UI to edit it's own config file, it becomes the owner of the machine's job (often root) to establish and maintain that list of users in a deluge independent way. In ideal setups, this means encrypted passwords are only needed so a passing admin doesn't see a password of one of his or her users.

I'd bet deluge developpers would like to stay away from taking on the task of security management and thus this implementation will likely stay the same for a while.

As others have said, if you'd like to have passwords in the config file stored encrypted, make a new ticket. Each ticket should be about one, and only one, issue.

Note: See TracTickets for help on using tickets.