password encryption

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

password encryption

Postby jace » Thu Oct 24, 2013 2:10 pm

Hi Guys,

Just wondering if there is a way we could encrypt user's password upon creation? Especially that we do have multiple admin accounts on our vicidial and from there it seems that all the information from all the users created are shown including password.

Also, would it be possible for the Agents to reset their password on agents screen? Just like on the admin account's Force change password.
Thanks a lot!

vicibox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350 from; Asterisk 1.4.44. I'm also using eyebeam softphone 1.1 3007n stamp 17816.
jace
 
Posts: 20
Joined: Wed Jul 10, 2013 4:49 pm

Re: password encryption

Postby williamconley » Thu Oct 24, 2013 3:03 pm

Absolutely. Those both sound like excellent feature requests (note that there is a board for feature requests, outside the support board). You should also post an issue in the Vicidial Issue Tracker (http://www.vicidial.org/VICIDIALmantis) and post a link back here to it.

It would also be possible to pay The Vicidial Group (or someone else?) to create this feature (agent password reset) and upgrade (encoded passwords). Note that while Only The Vicidial Group can guarantee addition to the base code of Vicidial, others (such as PoundTeam) can also perform the service and provide The Vicidial Group DIFF files to assist in inclusion.

You may also want to upgrade to the latest version of Vicidial before embarking upon this endeavor, as upgrading the "feature" and "upgrade" would be a waste of money later when you can just upgrade your Vicidial now before development.

You could also request some "intermediate" modifications such as merely hiding the password from the admin screens.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby jace » Thu Oct 24, 2013 4:03 pm

Thanks williamconley for the reply.

As I have searched to look for this features if readily available in vicidial, I found this documentation (http://vicidial.org/docs/ENCRYPTED_PASSWORDS.txt) which seems to be the feature for the password encryption. But we're not sure if this is already tested and working as it should.

We are able to set up our server and is now in production, we wanted this to try but we're afraid that it will mess up our server. Do you happen to have any idea on how we could backup our server before we proceed with the steps given for the password encryption? If possible, can you confirm if this is tested and safe as it is posted on vicidial.org. :p

Sorry for the ignorance and thank you.
Thanks a lot!

vicibox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350 from; Asterisk 1.4.44. I'm also using eyebeam softphone 1.1 3007n stamp 17816.
jace
 
Posts: 20
Joined: Wed Jul 10, 2013 4:49 pm

Re: password encryption

Postby williamconley » Thu Oct 24, 2013 5:05 pm

! I have never noticed this before (all this new stuff creeps up on me!).

Best to test it in a Virtual system before your live box.

Backups are best handled via the backup script in /usr/share/astguiclient

BEST method would be to install a clean system in a virtual server (with the same version of Vicidial you have now) and then restore from the Backup created by the backup script into that new virtual server. When that system is functional, you have verified that you have a Valid Backup (nice feeling, that) and can also now test this password encryption method on your Virtual server before activating it on your Live environment. Do note that a virtual server environment is only good for a single agent ... but perfect for testing!

And please post your results here. I'd also like to know if the passwords are salted. If not, that's the next likely upgrade for this system (unsalted passwords are still "uncool" although encryption is at least a step in the right direction!).
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby mflorell » Fri Oct 25, 2013 7:39 am

Yes, Vicidial user password encryption does work and is in place on several production clients of ours. We fixed a small bug in it earlier this month involving the copy user function, but other than that encryption has worked for months without incident on several live systems.

If you want to keep up on Vicidial Development, follow us on Twitter and you would have seen that we added this feature on July 11 of this year :)

https://twitter.com/vicidial_dev
mflorell
Site Admin
 
Posts: 18386
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: password encryption

Postby williamconley » Fri Oct 25, 2013 12:50 pm

I must have missed that tweet.

Are the passwords salted?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby willdal3 » Fri Oct 25, 2013 2:51 pm

Hi Guys,

Please help!

Just new here and with vicibox/vicidial. I have tried adding this feature on our server following the steps given from the link given above. Unfortunately, we are having some issues and we're not sure what could be the problem. Is there anything we should install first before we run into this steps? Please advise.

cpan[2]> install Crypt::Eksblowfish::Bcrypt
Running install for module 'Crypt::Eksblowfish::Bcrypt'
Running make for Z/ZE/ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz
Checksum for /root/.cpan/sources/authors/id/Z/ZE/ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz ok
Scanning cache /root/.cpan/build for sizes
............................................................................DONE

CPAN.pm: Going to build Z/ZE/ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz

Warning: ExtUtils::CBuilder not installed or no compiler detected
Proceeding with configuration, but compilation may fail during Build

Created MYMETA.yml and MYMETA.json
Creating new 'Build' script for 'Crypt-Eksblowfish' version '0.009'
Building Crypt-Eksblowfish
Error: no compiler detected to compile 'lib/Crypt/Eksblowfish.c'. Aborting
ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz
./Build -- NOT OK
'YAML' not installed, will not store persistent state
Running Build test
Can't test without successful make
Running Build install
Make had returned bad status, install seems impossible
Failed during this command:
ZEFRAM/Crypt-Eksblowfish-0.009.tar.gz : make NO


Thank you!
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby williamconley » Fri Oct 25, 2013 3:25 pm

Did you try installing ExtUtils::CBuilder ?
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby willdal3 » Fri Oct 25, 2013 4:16 pm

Thank you William for the reply.

Sorry for the ignorance. I haven't install anything yet. We have simply followed the installation guide on the vicibox website and we are ready to go. Please advise on how can I check on this one.

Regards,
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby williamconley » Fri Oct 25, 2013 8:09 pm

This is an "intallation" moment:
Code: Select all
cpan[2]> install Crypt::Eksblowfish::Bcrypt

It failed because it claimed "ExtUtils::CBuilder not installed"
So try:
Code: Select all
cpan[2]> install ExtUtils::CBuilder
cpan[2]> install Crypt::Eksblowfish::Bcrypt
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby mflorell » Sat Oct 26, 2013 5:46 am

williamconley wrote:I must have missed that tweet.

Are the passwords salted?


Yes, they are, and you can also raise the bcrypt computation level if you really want to as well.
mflorell
Site Admin
 
Posts: 18386
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: password encryption

Postby willdal3 » Mon Oct 28, 2013 8:44 am

Thanks Guys for the replies!

I have tried to do what you've said ( cpan[1]> install ExtUtils::CBuilder). After entering the code we've noticed this:
Checking if your kit is complete...
Looks good
Writing Makefile for ExtUtils::CBuilder
Writing MYMETA.yml
Can't exec "make": No such file or directory at /usr/lib/perl5/5.14.2/CPAN/Distribution.pm line 2078.
AMBS/ExtUtils/ExtUtils-CBuilder-0.280212.tar.gz
make -- NOT OK
'YAML' not installed, will not store persistent state
Running make test
Can't test without successful make
Running make install
Make had returned bad status, install seems impossible
Failed during this command:
AMBS/ExtUtils/ExtUtils-CBuilder-0.280212.tar.gz: make NO


We get the same error/warning message upon installing (install Crypt::Eksblowfish::Bcrypt) just like last time.

Please advise what to do next.

Thanks a lot in advance!
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby mflorell » Mon Oct 28, 2013 12:28 pm

You should use the "yast" utility to ensure that you have "make" and "gcc" installed on your system.
mflorell
Site Admin
 
Posts: 18386
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: password encryption

Postby williamconley » Mon Oct 28, 2013 2:05 pm

True enough. Without gcc and make, you cannot compile.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby willdal3 » Tue Oct 29, 2013 9:12 am

Thanks Guys for all your help.

I have verified, "make" and "gcc" was not installed yet. I have successfully run this within YAST and have successfully installed both "ExtUtils::CBuilder" and " Crypt::Eksblowfish::Bcrypt" there after. Password encryption is now enabled and password on user table has been cleared as well.

Regards,

Will
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby williamconley » Tue Oct 29, 2013 2:04 pm

Perhaps it would be useful for you to post your final version of the installation instructions (as it applies to vicibox 4.0.3) for any other 403 users. 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby mav2287 » Tue Oct 29, 2013 6:37 pm

I Second that I may install this myself now that I know it is avaliable.
ViciBox5.x86_64-5.0.3.preload from .iso upgraded to 13.1 | VERSION: 2.10-444c BUILD: 150129-0828 | 1.8.32.2-vici | Dual Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel twin quad core 3Ghz Xeon chips | 32gb of RAM
mav2287
 
Posts: 256
Joined: Thu Oct 03, 2013 6:47 pm

Re: password encryption

Postby williamconley » Tue Oct 29, 2013 9:31 pm

mav2287 wrote:I Second that I may install this myself now that I know it is avaliable.

See! You have an audience after four posts! That's pretty impressive! Post your step-by-step final solution and you can share the joy. 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby willdal3 » Wed Nov 06, 2013 11:31 am

Hi Guys,

Sorry for the late reply as we've got busy these past few days.

Cheers to mflorell and williamconley for guiding me through the resolution.

Per they advised, I have used the YAST command to verify and install "gcc" and "make"

From that of the vicibox command line:
1. type in YAST and press enter
2. YAST2 Control Center will show up, Select on Software -->Software Management --> Enter
3. Skip all other, and make sure that ggc and make are installed.
4. After that you're good to go with the instructions on the given link above for password encryption

Hope it make sense... :oops:

Thanks again...
ViciBox redux 4.0.3; Vicidial VERSION: 2.8-407a BUILD: 130709-1350; Asterisk 1.4.44 -- (installed using the standard iso with express installation) . Eyebeam softphone
willdal3
 
Posts: 5
Joined: Fri Oct 25, 2013 12:36 pm

Re: password encryption

Postby williamconley » Wed Nov 06, 2013 12:17 pm

Excellent postback! 8-)
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)

Re: password encryption

Postby williamconley » Tue Apr 12, 2016 10:41 pm

FYI: Your previous "allowed Single IPs" from the old firewall have been added to this firewall. Those that required an entire subnet/range to be allowed are still hard-coded in the new firewall as well.
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
williamconley
 
Posts: 20258
Joined: Wed Oct 31, 2007 4:17 pm
Location: Davenport, FL (By Disney!)


Return to Support

Who is online

Users browsing this forum: Google [Bot] and 98 guests