password encryption


Postby jace » Thu Oct 24, 2013 2:10 pm

Hi Guys,

Just wondering if there is a way we could encrypt users' passwords upon creation? Especially since we have multiple admin accounts on our Vicidial, and from there it seems that all the information for all the users created is shown, including the password.

Also, would it be possible for the agents to reset their password on the agent screen? Just like the admin account's Force change password.
Thanks a lot!

vicibox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350 from; Asterisk 1.4.44. I'm also using eyebeam softphone 1.1 3007n stamp 17816.
jace
 
Posts: 20
Joined: Wed Jul 10, 2013 4:49 pm

Re: password encryption

Postby williamconley » Thu Oct 24, 2013 3:03 pm

Absolutely. Those both sound like excellent feature requests (note that there is a board for feature requests, outside the support board). You should also post an issue in the Vicidial Issue Tracker (http://www.vicidial.org/VICIDIALmantis) and post a link back here to it.

It would also be possible to pay The Vicidial Group (or someone else?) to create this feature (agent password reset) and upgrade (encoded passwords). Note that while Only The Vicidial Group can guarantee addition to the base code of Vicidial, others (such as PoundTeam) can also perform the service and provide The Vicidial Group DIFF files to assist in inclusion.

You may also want to upgrade to the latest version of Vicidial before embarking upon this endeavor, as upgrading the "feature" and "upgrade" would be a waste of money later when you can just upgrade your Vicidial now before development.

You could also request some "intermediate" modifications such as merely hiding the password from the admin screens.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby jace » Thu Oct 24, 2013 4:03 pm

Thanks williamconley for the reply.

As I searched to see whether this feature is readily available in Vicidial, I found this documentation (http://vicidial.org/docs/ENCRYPTED_PASSWORDS.txt), which seems to be the feature for password encryption. But we're not sure if this is already tested and working as it should.

We were able to set up our server and it is now in production. We wanted to try this, but we're afraid that it will mess up our server. Do you happen to have any idea how we could back up our server before we proceed with the steps given for the password encryption? If possible, can you confirm if this is tested and safe as it is posted on vicidial.org. :p

Sorry for the ignorance and thank you.
Thanks a lot!

vicibox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350 from; Asterisk 1.4.44. I'm also using eyebeam softphone 1.1 3007n stamp 17816.
jace
 
Posts: 20
Joined: Wed Jul 10, 2013 4:49 pm

Re: password encryption

Postby williamconley » Thu Oct 24, 2013 5:05 pm

! I have never noticed this before (all this new stuff creeps up on me!).

Best to test it in a Virtual system before your live box.

Backups are best handled via the backup script in /usr/share/astguiclient

BEST method would be to install a clean system in a virtual server (with the same version of Vicidial you have now) and then restore from the Backup created by the backup script into that new virtual server. When that system is functional, you have verified that you have a Valid Backup (nice feeling, that) and can also now test this password encryption method on your Virtual server before activating it on your Live environment. Do note that a virtual server environment is only good for a single agent ... but perfect for testing!

And please post your results here. I'd also like to know if the passwords are salted. If not, that's the next likely upgrade for this system (unsalted passwords are still "uncool" although encryption is at least a step in the right direction!).
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby mflorell » Fri Oct 25, 2013 7:39 am

Yes, Vicidial user password encryption does work and is in place on several production clients of ours. We fixed a small bug in it earlier this month involving the copy user function, but other than that encryption has worked for months without incident on several live systems.

If you want to keep up on Vicidial Development, follow us on Twitter and you would have seen that we added this feature on July 11 of this year :)

https://twitter.com/vicidial_dev
mflorell
Site Admin
 
Posts: 18386
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: password encryption

Postby williamconley » Fri Oct 25, 2013 12:50 pm

I must have missed that tweet.

Are the passwords salted?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby willdal3 » Fri Oct 25, 2013 2:51 pm

Hi Guys,

Please help!

Just new here and with vicibox/vicidial. I have tried adding this feature on our server following the steps from the link given above. Unfortunately, we are having some issues and we're not sure what could be the problem. Is there anything we should install first before we run these steps? Please advise.

cpan[2]> install Crypt::Eksblowfish::Bcrypt
Running install for module 'Crypt::Eksblowfish::Bcrypt'
Running make for Z/ZE/ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz
Checksum for /root/.cpan/sources/authors/id/Z/ZE/ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz ok
Scanning cache /root/.cpan/build for sizes
............................................................................DONE

CPAN.pm: Going to build Z/ZE/ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz

Warning: ExtUtils::CBuilder not installed or no compiler detected
Proceeding with configuration, but compilation may fail during Build

Created MYMETA.yml and MYMETA.json
Creating new 'Build' script for 'Crypt-Eksblowfish' version '0.009'
Building Crypt-Eksblowfish
Error: no compiler detected to compile 'lib/Crypt/Eksblowfish.c'. Aborting
ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz
./Build -- NOT OK
'YAML' not installed, will not store persistent state
Running Build test
Can't test without successful make
Running Build install
Make had returned bad status, install seems impossible
Failed during this command:
ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz : make NO


Thank you!
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby williamconley » Fri Oct 25, 2013 3:25 pm

Did you try installing ExtUtils::CBuilder ?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby willdal3 » Fri Oct 25, 2013 4:16 pm

Thank you William for the reply.

Sorry for the ignorance. I haven't installed anything yet. We have simply followed the installation guide on the vicibox website and we are ready to go. Please advise on how I can check on this one.

Regards,
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby williamconley » Fri Oct 25, 2013 8:09 pm

This is an "installation" moment:
Code:
cpan[2]> install Crypt::Eksblowfish::Bcrypt

It failed because it claimed "ExtUtils::CBuilder not installed"
So try:
Code:
cpan[2]> install ExtUtils::CBuilder
cpan[2]> install Crypt::Eksblowfish::Bcrypt
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby mflorell » Sat Oct 26, 2013 5:46 am

williamconley wrote: I must have missed that tweet.

Are the passwords salted?


Yes, they are, and you can also raise the bcrypt computation level if you really want to as well.
mflorell
Site Admin
 
Posts: 18386
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida
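
What "salted" and "computation level" mean for a bcrypt hash, shown with the Crypt::Eksblowfish::Bcrypt module being installed in this thread. This is an added example, not Vicidial's code and not a post from the thread; the function names, cost values and sample password are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: salted bcrypt with an adjustable cost.
# Not Vicidial's code; names, costs and the sample password are constructed.
use strict;
use warnings;
use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
use Time::HiRes qw(time);

# 16 random bytes from the kernel CSPRNG; bcrypt takes exactly 16 octets of salt.
sub random_salt {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $salt, 16);
    close($fh);
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    return $salt;
}

# Returns a crypt-style string: $2a$<cost>$<22-char salt><31-char hash>.
sub hash_password {
    my ($password, $cost) = @_;
    my $settings = sprintf('$2a$%02d$%s', $cost, en_base64(random_salt()));
    return bcrypt($password, $settings);
}

# Re-hash the candidate with the cost and salt embedded in the stored string,
# then compare without stopping at the first differing byte.
sub verify_password {
    my ($password, $stored) = @_;
    my $candidate = bcrypt($password, $stored);
    return 0 unless defined $candidate && length($candidate) == length($stored);
    my $diff = 0;
    $diff |= ord(substr($candidate, $_, 1)) ^ ord(substr($stored, $_, 1))
        for 0 .. length($stored) - 1;
    return $diff == 0;
}

my $password = 'constructed-sample-password';
my ($h1, $h2) = (hash_password($password, 8), hash_password($password, 8));
print "same password, two salts:\n  $h1\n  $h2\n";
print "hashes differ: ", ($h1 ne $h2 ? "yes" : "no"), "\n";
print "correct password verifies: ", (verify_password($password, $h1) ? "yes" : "no"), "\n";
print "wrong password verifies:   ", (verify_password('wrong', $h1) ? "yes" : "no"), "\n";

# Each +1 in cost doubles the work needed per password guess.
for my $cost (8, 10, 12) {
    my $t0 = time();
    hash_password($password, $cost);
    printf "cost %2d: %.3f s per hash\n", $cost, time() - $t0;
}
```

Because the salt is random per hash, two users with the same password get different stored strings, and the timing loop shows what raising the cost does to every login and every offline guess.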

Re: password encryption

Postby willdal3 » Mon Oct 28, 2013 8:44 am

Thanks Guys for the replies!

I have tried to do what you've said (cpan[1]> install ExtUtils::CBuilder). After entering the code we've noticed this:
Checking if your kit is complete...
Looks good
Writing Makefile for ExtUtils::CBuilder
Writing MYMETA.yml
Can't exec "make": No such file or directory at /usr/lib/perl5/5.14.2/CPAN/Distribution.pm line 2078.
AMBS/ExtUtils/ExtUtils-CBuilder-0.280212.tar.gz
make -- NOT OK
'YAML' not installed, will not store persistent state
Running make test
Can't test without successful make
Running make install
Make had returned bad status, install seems impossible
Failed during this command:
AMBS/ExtUtils/ExtUtils-CBuilder-0.280212.tar.gz: make NO


We get the same error/warning message upon installing (install Crypt::Eksblowfish::Bcrypt) just like last time.

Please advise what to do next.

Thanks a lot in advance!
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby mflorell » Mon Oct 28, 2013 12:28 pm

You should use the "yast" utility to ensure that you have "make" and "gcc" installed on your system.
mflorell
Site Admin
 
Posts: 18386
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: password encryption

Postby williamconley » Mon Oct 28, 2013 2:05 pm

True enough. Without gcc and make, you cannot compile.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby willdal3 » Tue Oct 29, 2013 9:12 am

Thanks Guys for all your help.

I have verified that "make" and "gcc" were not installed yet. I have successfully run this within YAST and have successfully installed both "ExtUtils::CBuilder" and "Crypt::Eksblowfish::Bcrypt" thereafter. Password encryption is now enabled and the password on the user table has been cleared as well.

Regards,

Will
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby williamconley » Tue Oct 29, 2013 2:04 pm

Perhaps it would be useful for you to post your final version of the installation instructions (as it applies to vicibox 4.0.3) for any other 403 users. 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby mav2287 » Tue Oct 29, 2013 6:37 pm

I second that. I may install this myself now that I know it is available.
ViciBox5.x86_64-5.0.3.preload from .iso upgraded to 13.1 | VERSION: 2.10-444c BUILD: 150129-0828 | 1.8.32.2-vici | Dual Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel twin quad core 3Ghz Xeon chips | 32gb of RAM
mav2287
 
Posts: 256
Joined: Thu Oct 03, 2013 6:47 pm

Re: password encryption

Postby williamconley » Tue Oct 29, 2013 9:31 pm

mav2287 wrote: I second that. I may install this myself now that I know it is available.

See! You have an audience after four posts! That's pretty impressive! Post your step-by-step final solution and you can share the joy. 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby willdal3 » Wed Nov 06, 2013 11:31 am

Hi Guys,

Sorry for the late reply as we've got busy these past few days.

Cheers to mflorell and williamconley for guiding me through the resolution.

As they advised, I have used the YAST command to verify and install "gcc" and "make".

From the vicibox command line:
1. Type in YAST and press Enter.
2. The YAST2 Control Center will show up. Select Software --> Software Management --> Enter.
3. Skip all others, and make sure that gcc and make are installed.
4. After that you're good to go with the instructions on the given link above for password encryption.

Hope it makes sense... :oops:

Thanks again...
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby williamconley » Wed Nov 06, 2013 12:17 pm

Excellent postback! 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby williamconley » Tue Apr 12, 2016 10:41 pm

FYI: Your previous "allowed Single IPs" from the old firewall have been added to this firewall. Those that required an entire subnet/range to be allowed are still hard-coded in the new firewall as well.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

