[Glass] Changed DataCurator password and now I cannot start seaside gems

Dale K. Henrichs dale.henrichs at gemtalksystems.com
Fri Dec 6 07:31:23 PST 2013


----- Original Message -----

| From: "Mariano Martinez Peck" <marianopeck at gmail.com>
| To: "Dale K. Henrichs" <dale.henrichs at gemtalksystems.com>
| Cc: glass at lists.gemtalksystems.com
| Sent: Thursday, December 5, 2013 5:25:36 PM
| Subject: Re: [Glass] Changed DataCurator password and now I cannot
| start seaside gems

| On Thu, Dec 5, 2013 at 8:52 PM, Dale K. Henrichs <
| dale.henrichs at gemtalksystems.com > wrote:

| | | From: "Mariano Martinez Peck" < marianopeck at gmail.com >
| | | To: glass at lists.gemtalksystems.com
| | | Sent: Thursday, December 5, 2013 1:13:04 PM
| | | Subject: [Glass] Changed DataCurator password and now I cannot
| | | start seaside gems

| | | Hi guys,

| | | I modified my DataCurator password as explained in the guide:

| | | (AllUsers userWithId: 'DataCurator') password: 'xxx'.
| | | System commitTransaction

| | | Then just in case I restarted everything. GemStone can start and
| | | I can login with topaz (with the new password). However, when I
| | | start my seaside gems as I used to do:

| | | WAFastCGIAdaptor stop.
| | | WAGemStoneRunSeasideGems default
| | |     name: 'FastCGI';
| | |     adaptorClass: WAFastCGIAdaptor;
| | |     ports: #(9001 9002 9003).
| | | WAGemStoneRunSeasideGems restartGems.

| | | They fail...in the log I read:

| | | [Info]: Logging out at 12/05/2013 15:53:49 EST
| | | -----------------------------------------------------
| | | GemStone: Error Fatal
| | | Login failed: the GemStone userId/password combination is invalid
| | | or expired.
| | | Error Category: 231169 [GemStone] Number: 4051 Arg Count: 0 Context : 20 exception : 20

| | | If I see $GEMSTONE/seaside/etc/gemstone.secret
| | | it has the old default swordfish password....

| | | I am not supposed to change that by hand since it is read only.

| | It is readOnly because you are not supposed to change it without
| | thinking ...
| 
| mmmmm I would give write permissions at least for the owner. Seeing
| it as read only makes me think I should not touch it and that they
| modified from some bash....

| Also...shouldn't changeSystemPassword also modify the entry for
| GEMSTONE_CURATOR_PASS in $GEMSTONE/seaside/etc/gemstone.secret ?

| | this is where the seaside start scripts get the password
| | information
| | by default, so go ahead and change the password here .....
| 
| OK...this yields to the next question I was going to ask...there is
| no way to choose with which GemStone user to run the seaside gems?
| This is related to another thread I sent "DataCurator and then own
| user?". Say I want to start 3 seaside gems (fastCGI) with user XXX
| (not DataCurator). What is the easiest way to do this?

I think when you introduce separate user gems into the equation everything gets harder ... so perhaps it is worth taking a hard look at why you are going with separate gemstone users ... typically the rationale for using gemstone users is that you need to protect sensitive data from folks who have physical access to the machine, i.e., software developers should not be able to view sensitive customer data, but they should be allowed to write code and view non-sensitive information ...

I think that isolating userdata via programmatic discipline is a viable solution and if you can make this choice will greatly simplify your infrastructure ...

Dale 

| | if you want more security than that, I think you can use LDAP
| | (you might need 3.1.0.5 to use LDAP). I personally haven't played
| | around with LDAP, so I'm not completely clear on how to hook it up
| | ...
| 

| | | So...what else should I change?

| | | Thanks in advance,

| | | --
| | | Mariano
| | | http://marianopeck.wordpress.com

| --
| Mariano
| http://marianopeck.wordpress.com