Re: Password confirmation in TkGnats!

[Rick Macdonald]

On Mon, 28 May 2001, Mostafa Essaadi wrote:

> I've installed gnats 3.113 on the Sun machine and TkGnats 3.0.16 on the
> win-clients machine.
> I follow correctly the configuration in the README_win file.
> By the Databasepassword configuration and for each user i have added this
> lines (e. g.)
> in the config-user.ini:
> 
> # Tell TkGnats about yourself
> #
> 
> set TkGnats(LogName)      messaadi
> set TkGnats(GroupName)    steria
> set TkGnats(FullName)     "Mostafa Essaadi"
> set TkGnats(EmailAddr)    messaadi
> 
> # server password fields: GNATSDatabaseAlias GNATS_SERVER userid password
> set TkGnats(DatabasePasswords) {
> gnats 192.168.0.27 messaadi ****
> }
> 
> The same configuration will be added in gnatsd.access file on the gnats sun
> machine:
> 
> messaadi:****:edit:/usr/local/share/gnats/gnats-db
> 
> 
> Then when i start tkgnats it will be open whithout password confirmation
> although i have it added!

GNATS 3.x doesn't give an error if you give it an invalid userid/password.
TkGnats doesn't prompt you for a password, it just uses what you give it
in the user's file above. The intent for UNIX is that the user file has
permissions "600". I don't even know if Windows has such file protection.

As far as what happenes to people who try to run tkgnats without a valid
userid/password in their file, that's up to the gnatsd.access file. Put
"*:*:deny" at the end and they'll be cut off completely, or "*:*:view" for
view-only access, etc.

GNATS also has host-based access control based on hostname or IP address,
including wildcard characters, so you can cut off or enable entire
subnets, etc.

...RickM...