[Glass] Changed DataCurator password and now I cannot start seaside gems

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[Glass] Changed DataCurator password and now I cannot start seaside gems

Mariano Martinez Peck
Hi guys,

I modified my DataCurator password as explained in the guide:

 (AllUsers userWithId: 'DataCurator')
 password: 'xxx' . System commitTransaction
 
Then just in case I restarted everything. GemStone can start and I can login with topaz (with the new password). However, when I start my seaside gems as I used to do:

WAFastCGIAdaptor stop.
WAGemStoneRunSeasideGems default
       name: 'FastCGI';
       adaptorClass: WAFastCGIAdaptor;
       ports: #(9001 9002 9003).
WAGemStoneRunSeasideGems restartGems.

They fail...in the log I read:

[Info]: Logging out at 12/05/2013 15:53:49 EST
-----------------------------------------------------
GemStone: Error         Fatal
Login failed:  the GemStone userId/password combination is invalid
or expired.
Error Category: 231169 [GemStone] Number: 4051  Arg Count: 0 Context : 20 exception : 20


If I see $GEMSTONE/seaside/etc/gemstone.secret
it has the old default swordfish password....

I am not supposed to change that by hand since it is read only.

So...what else should I change?

Thanks in advance, 


--
Mariano
http://marianopeck.wordpress.com

_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass
Reply | Threaded
Open this post in threaded view
|

Re: [Glass] Changed DataCurator password and now I cannot start seaside gems

Mariano Martinez Peck
/opt/gemstone/product/seaside/bin/changeSystemPassword  does not help either and in fact it seems to do the equivalent to what I did...




On Thu, Dec 5, 2013 at 6:13 PM, Mariano Martinez Peck <[hidden email]> wrote:
Hi guys,

I modified my DataCurator password as explained in the guide:

 (AllUsers userWithId: 'DataCurator')
 password: 'xxx' . System commitTransaction
 
Then just in case I restarted everything. GemStone can start and I can login with topaz (with the new password). However, when I start my seaside gems as I used to do:

WAFastCGIAdaptor stop.
WAGemStoneRunSeasideGems default
       name: 'FastCGI';
       adaptorClass: WAFastCGIAdaptor;
       ports: #(9001 9002 9003).
WAGemStoneRunSeasideGems restartGems.

They fail...in the log I read:

[Info]: Logging out at 12/05/2013 15:53:49 EST
-----------------------------------------------------
GemStone: Error         Fatal
Login failed:  the GemStone userId/password combination is invalid
or expired.
Error Category: 231169 [GemStone] Number: 4051  Arg Count: 0 Context : 20 exception : 20


If I see $GEMSTONE/seaside/etc/gemstone.secret
it has the old default swordfish password....

I am not supposed to change that by hand since it is read only.

So...what else should I change?

Thanks in advance, 


--
Mariano
http://marianopeck.wordpress.com



--
Mariano
http://marianopeck.wordpress.com

_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass
Reply | Threaded
Open this post in threaded view
|

Re: [Glass] Changed DataCurator password and now I cannot start seaside gems

Johan Brichau-3
Mariano,

The scripts that start the Seaside adaptors in a topaz session log into GS as DataCurator and use the password defined in /opt/gemstone/product/seaside/etc/gemstone.secret

cheers
Johan

On 05 Dec 2013, at 22:21, Mariano Martinez Peck <[hidden email]> wrote:

> /opt/gemstone/product/seaside/bin/changeSystemPassword  does not help either and in fact it seems to do the equivalent to what I did...
>
>
>
>
> On Thu, Dec 5, 2013 at 6:13 PM, Mariano Martinez Peck <[hidden email]> wrote:
> Hi guys,
>
> I modified my DataCurator password as explained in the guide:
>
>  (AllUsers userWithId: 'DataCurator')
>  password: 'xxx' . System commitTransaction
>  
> Then just in case I restarted everything. GemStone can start and I can login with topaz (with the new password). However, when I start my seaside gems as I used to do:
>
> WAFastCGIAdaptor stop.
> WAGemStoneRunSeasideGems default
>        name: 'FastCGI';
>        adaptorClass: WAFastCGIAdaptor;
>        ports: #(9001 9002 9003).
> WAGemStoneRunSeasideGems restartGems.
>
> They fail...in the log I read:
>
> [Info]: Logging out at 12/05/2013 15:53:49 EST
> -----------------------------------------------------
> GemStone: Error         Fatal
> Login failed:  the GemStone userId/password combination is invalid
> or expired.
> Error Category: 231169 [GemStone] Number: 4051  Arg Count: 0 Context : 20 exception : 20
>
>
> If I see $GEMSTONE/seaside/etc/gemstone.secret
> it has the old default swordfish password....
>
> I am not supposed to change that by hand since it is read only.
>
> So...what else should I change?
>
> Thanks in advance,
>
>
> --
> Mariano
> http://marianopeck.wordpress.com
>
>
>
> --
> Mariano
> http://marianopeck.wordpress.com
> _______________________________________________
> Glass mailing list
> [hidden email]
> http://lists.gemtalksystems.com/mailman/listinfo/glass

_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass
Reply | Threaded
Open this post in threaded view
|

Re: [Glass] Changed DataCurator password and now I cannot start seaside gems

Dale Henrichs-3
In reply to this post by Mariano Martinez Peck



From: "Mariano Martinez Peck" <[hidden email]>
To: [hidden email]
Sent: Thursday, December 5, 2013 1:13:04 PM
Subject: [Glass] Changed DataCurator password and now I cannot start seaside        gems

Hi guys,

I modified my DataCurator password as explained in the guide:

 (AllUsers userWithId: 'DataCurator')
 password: 'xxx' . System commitTransaction
 
Then just in case I restarted everything. GemStone can start and I can login with topaz (with the new password). However, when I start my seaside gems as I used to do:

WAFastCGIAdaptor stop.
WAGemStoneRunSeasideGems default
       name: 'FastCGI';
       adaptorClass: WAFastCGIAdaptor;
       ports: #(9001 9002 9003).
WAGemStoneRunSeasideGems restartGems.

They fail...in the log I read:

[Info]: Logging out at 12/05/2013 15:53:49 EST
-----------------------------------------------------
GemStone: Error         Fatal
Login failed:  the GemStone userId/password combination is invalid
or expired.
Error Category: 231169 [GemStone] Number: 4051  Arg Count: 0 Context : 20 exception : 20


If I see $GEMSTONE/seaside/etc/gemstone.secret
it has the old default swordfish password....

I am not supposed to change that by hand since it is read only.
It is readOnly because you are not supposed to change it without thinking ... this is where the seaside start scripts get the password information by default, so go ahead and change the password here ..... if you want more security than that, I think you can use use LDAP (you might need 3.1.0.5 to use LDAP). I personally haven't played around with LDAP, so I'm not completely clear on how to hook it up ...

So...what else should I change?

Thanks in advance, 


--
Mariano
http://marianopeck.wordpress.com

_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass


_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass
Reply | Threaded
Open this post in threaded view
|

Re: [Glass] Changed DataCurator password and now I cannot start seaside gems

Mariano Martinez Peck



On Thu, Dec 5, 2013 at 8:52 PM, Dale K. Henrichs <[hidden email]> wrote:



From: "Mariano Martinez Peck" <[hidden email]>
To: [hidden email]
Sent: Thursday, December 5, 2013 1:13:04 PM
Subject: [Glass] Changed DataCurator password and now I cannot start seaside        gems


Hi guys,

I modified my DataCurator password as explained in the guide:

 (AllUsers userWithId: 'DataCurator')
 password: 'xxx' . System commitTransaction
 
Then just in case I restarted everything. GemStone can start and I can login with topaz (with the new password). However, when I start my seaside gems as I used to do:

WAFastCGIAdaptor stop.
WAGemStoneRunSeasideGems default
       name: 'FastCGI';
       adaptorClass: WAFastCGIAdaptor;
       ports: #(9001 9002 9003).
WAGemStoneRunSeasideGems restartGems.

They fail...in the log I read:

[Info]: Logging out at 12/05/2013 15:53:49 EST
-----------------------------------------------------
GemStone: Error         Fatal
Login failed:  the GemStone userId/password combination is invalid
or expired.
Error Category: 231169 [GemStone] Number: 4051  Arg Count: 0 Context : 20 exception : 20


If I see $GEMSTONE/seaside/etc/gemstone.secret
it has the old default swordfish password....

I am not supposed to change that by hand since it is read only.
It is readOnly because you are not supposed to change it without thinking ...

mmmmm I would give write permissions at least for the owner. Seeing it as read only makes me think I should not touch it and that they modified from some bash....

Also...shouldn't changeSystemPassword also modify the entry for GEMSTONE_CURATOR_PASS in $GEMSTONE/seaside/etc/gemstone.secret ?

 
this is where the seaside start scripts get the password information by default, so go ahead and change the password here .....

OK...this yields to the next question I was going to ask...there is no way to choose with which GemStone user to run the seaside gems? This is related to another thread I sent "DataCurator and then own user?". Say I want to start 3 seaside gems (fastCGI) with user XXX (not DataCurator). What is the easiest way to do this?

 
if you want more security than that, I think you can use use LDAP (you might need 3.1.0.5 to use LDAP). I personally haven't played around with LDAP, so I'm not completely clear on how to hook it up ...

So...what else should I change?

Thanks in advance, 


--
Mariano
http://marianopeck.wordpress.com

_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass




--
Mariano
http://marianopeck.wordpress.com

_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass
Reply | Threaded
Open this post in threaded view
|

Re: [Glass] Changed DataCurator password and now I cannot start seaside gems

Dale Henrichs-3



From: "Mariano Martinez Peck" <[hidden email]>
To: "Dale K. Henrichs" <[hidden email]>
Cc: [hidden email]
Sent: Thursday, December 5, 2013 5:25:36 PM
Subject: Re: [Glass] Changed DataCurator password and now I cannot start seaside gems




On Thu, Dec 5, 2013 at 8:52 PM, Dale K. Henrichs <[hidden email]> wrote:



From: "Mariano Martinez Peck" <[hidden email]>
To: [hidden email]
Sent: Thursday, December 5, 2013 1:13:04 PM
Subject: [Glass] Changed DataCurator password and now I cannot start seaside        gems


Hi guys,

I modified my DataCurator password as explained in the guide:

 (AllUsers userWithId: 'DataCurator')
 password: 'xxx' . System commitTransaction
 
Then just in case I restarted everything. GemStone can start and I can login with topaz (with the new password). However, when I start my seaside gems as I used to do:

WAFastCGIAdaptor stop.
WAGemStoneRunSeasideGems default
       name: 'FastCGI';
       adaptorClass: WAFastCGIAdaptor;
       ports: #(9001 9002 9003).
WAGemStoneRunSeasideGems restartGems.

They fail...in the log I read:

[Info]: Logging out at 12/05/2013 15:53:49 EST
-----------------------------------------------------
GemStone: Error         Fatal
Login failed:  the GemStone userId/password combination is invalid
or expired.
Error Category: 231169 [GemStone] Number: 4051  Arg Count: 0 Context : 20 exception : 20


If I see $GEMSTONE/seaside/etc/gemstone.secret
it has the old default swordfish password....

I am not supposed to change that by hand since it is read only.
It is readOnly because you are not supposed to change it without thinking ...

mmmmm I would give write permissions at least for the owner. Seeing it as read only makes me think I should not touch it and that they modified from some bash....

Also...shouldn't changeSystemPassword also modify the entry for GEMSTONE_CURATOR_PASS in $GEMSTONE/seaside/etc/gemstone.secret ?

 
this is where the seaside start scripts get the password information by default, so go ahead and change the password here .....

OK...this yields to the next question I was going to ask...there is no way to choose with which GemStone user to run the seaside gems? This is related to another thread I sent "DataCurator and then own user?". Say I want to start 3 seaside gems (fastCGI) with user XXX (not DataCurator). What is the easiest way to do this?
I think when you introduce separate user gems into the equation everything get harder ... so perhaps it is worth taking a hard look at why you are going with separate gemstone users ... typically the rationale for using gemstone users is that you need to protect sensitive data from folks who have physical access to the machine, i.e., software developers should not be able to view sensitive customer data, but they should be allowed to write code and view non-sensitive information ...

I think that isolating userdata via programatic discipline is a viable solution and if you can make this choice will greatly simplify your infrastructure ...

Dale

 
if you want more security than that, I think you can use use LDAP (you might need 3.1.0.5 to use LDAP). I personally haven't played around with LDAP, so I'm not completely clear on how to hook it up ...

So...what else should I change?

Thanks in advance, 


--
Mariano
http://marianopeck.wordpress.com

_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass




--
Mariano
http://marianopeck.wordpress.com


_______________________________________________
Glass mailing list
[hidden email]
http://lists.gemtalksystems.com/mailman/listinfo/glass