| *** nowen has quit (Quit: Leaving.) | 14:35 | |
| *** immotus (~immotus@rrcs-24-153-193-34.sw.biz.rr.com) has joined #wikid | 17:23 | |
| immotus | I have an unusual question... A PCI audit scan has indicated to us that our WiKID 3.4 server has a password field on the login screen form that doesn't tell the browser to never remember what password was entered. What would be the best way for me to add the autocomplete="off" HTML attribute to the password field without upgrading? (the last upgrade didn't turn out so well) | 17:26 |
|---|---|---|
| joevano | immotus: nowen isn't here at the momont. My guess is that he is stuck at home or between work and home due to the storm in the southern US. | 19:11 |
| joevano | s/momont/moment/ | 19:12 |
| immotus | quite a storm, I hear | 20:35 |
| immotus | joevano: thanks for the update | 20:35 |
| immotus | joevano: I hope he gets back safely.. for his own sake :^) | 20:35 |
| *** dystonicka (c631b428@gateway/web/freenode/ip.198.49.180.40) has joined #wikid | 22:03 | |
| *** nowen (~nowen@99-174-92-191.lightspeed.tukrga.sbcglobal.net) has joined #wikid | 22:04 | |
| dystonicka | hi stranger | 22:04 |
| nowen | sorry, sledding | 22:04 |
| dystonicka | np. when is better? | 22:06 |
| joevano | nowen: in your car? ;-) | 22:06 |
| nowen | lol. no, i grew up in Va and know how to drive in snow. around here it's mainly avoid the idiots. | 22:07 |
| nowen | dystonicka: now is fine. | 22:07 |
| nowen | I don't understand how anyone was surprised by this. Been on my weather app for a week | 22:07 |
| dystonicka | i am cuonfused by this snow thing | 22:08 |
| dystonicka | but i have not left the house yet today, so. | 22:08 |
| dystonicka | checking my window. | 22:08 |
| nowen | ha! I worked from how yesterday, but did have to go get the kids at school. | 22:08 |
| dystonicka | yeah, we aren't impacted. | 22:08 |
| dystonicka | i'm discovering the joys and pitfalls of wfh. like the cat has opinions. as does the dog. | 22:09 |
| dystonicka | so. yes. omgmigration. | 22:09 |
| *** immotus has parted #wikid ("Konversation terminated!") | 22:10 | |
| dystonicka | can i have two wikid servers permitting authentication? like. can radius handle that? | 22:10 |
| joevano | I was snowed in for the 4 days in Indiana (over the past week)... 3 foot drifts on the roads | 22:10 |
| dystonicka | blink. that is a lot of snow. | 22:10 |
| joevano | yep, it sucked | 22:11 |
| joevano | we've had 78" so far this year | 22:11 |
| dystonicka | where are you? | 22:12 |
| nowen | more than us | 22:12 |
| nowen | dystonicka: a radius server can handle that. what is your network client again? | 22:13 |
| dystonicka | network client? | 22:13 |
| dystonicka | not sure what you're referencing. is windows implementation | 22:14 |
| dystonicka | off the domain controllers | 22:14 |
| nowen | from WiKID's perspective your VPN or whatever is a client | 22:14 |
| nowen | is it some remote access software? | 22:15 |
| dystonicka | wikid server version is - wikid-server-enterprise-3.5.0-b1342 | 22:15 |
| dystonicka | wikid is used to authenticate to openvpn and to some linux boxes that take wikid tokencodes | 22:15 |
| nowen | ok | 22:15 |
| nowen | and each one of those is listed as a network client? | 22:15 |
| nowen | on the WiKID server | 22:15 |
| dystonicka | there are four network clients listed | 22:19 |
| dystonicka | two domain cntrollers | 22:19 |
| dystonicka | and two vpn servers, which operate in failover. | 22:19 |
| nowen | running some quick tests | 22:24 |
| dystonicka | kk. | 22:24 |
| dystonicka | afk a few, nuking noms | 22:26 |
| nowen | so, the problem with your current set up is that you can't have two network clients with the same IP address associated with different domains | 22:28 |
| nowen | so, option 1: stay where you are and re-register the iphone clients that have issues. | 22:34 |
| dystonicka | it's iphone, android, we had a windows client reported | 22:35 |
| dystonicka | what's option2 2? | 22:35 |
| nowen | option 2: give all your network clients 2 ips and associate the new ips with the new domain | 22:35 |
| dystonicka | for the vpn that's not a problem | 22:36 |
| dystonicka | 'new domain' - splain in context the domain concept | 22:36 |
| dystonicka | cus im thinking active directory | 22:36 |
| nowen | new wikid domain | 22:36 |
| dystonicka | can you have more than one domain on w wikid box? | 22:38 |
| nowen | certainly | 22:38 |
| joevano | dystonicka: South Bend, IN | 22:38 |
| dystonicka | would it still authenticate against the same network clients? | 22:39 |
| nowen | also, it is likely that some if not all of your android and PC issues were due to dns propagation issues | 22:39 |
| nowen | no, that's what you cause confusion | 22:39 |
| nowen | option 3 is to re-register all the tokens | 22:39 |
| dystonicka | yeah. which is a admin hell. i'd been thinking about making them switch to locked or phone | 22:40 |
| dystonicka | but i don't want to deal w/ it now. | 22:40 |
| dystonicka | dunno what it would take to give the machine alternate ways to talk to the auth sources. like. an aditional ip, beause then we could just transition folks. | 22:41 |
| dystonicka | give them 2-3 weeks instead of all at once. | 22:41 |
| dystonicka | the dns thing is a point. i haven't gotten yelled at today yet. | 22:41 |
| nowen | how many issues have you had? | 22:41 |
| dystonicka | 5 | 22:42 |
| nowen | out of how many users? | 22:42 |
| dystonicka | 100ish. | 22:42 |
| dystonicka | that's a lot of work. | 22:43 |
| nowen | do you think you crossed a line today re the DNS? | 22:43 |
| dystonicka | i don't. i'm also a bit uncomfortable leaving it out there just as a dns redirect - but you mentioned you're working on a upgrade that would allow dns? | 22:43 |
| dystonicka | for the servername? | 22:43 |
| nowen | yes, it's an entirely new product line. | 22:44 |
| nowen | It would also have global load-balancing and fail-over | 22:44 |
| dystonicka | that's really cool. | 22:44 |
| dystonicka | i hate to ask, but you know i have to - is there a release date? | 22:44 |
| nowen | ;-). No, not yet. We are still working through some kinks on the replication, testing it in various scenarios, etc. | 22:45 |
| dystonicka | understand. | 22:45 |
| nowen | it's important for us that things work pretty well | 22:45 |
| dystonicka | alright. i'll let it bake till monday and see how it goes - this isn't going to be trivial. its' either put new ips on the authenticatoin sources/network clients which involves some eingeering and then add a new domain | 22:46 |
| dystonicka | so changing 5 things and then telling people to reregister. | 22:46 |
| dystonicka | or delete/regen the domain and require all the tokens to be reregistered | 22:47 |
| dystonicka | one phased one takes time. | 22:47 |
| dystonicka | was there a self-registration option? | 22:47 |
| nowen | yeah, based on AD creds. There's script on the server you can use. | 22:47 |
| dystonicka | k. i dno't code at all - how would that be used? | 22:48 |
| dystonicka | would it be - build webpage w/ form? | 22:48 |
| nowen | http://www.wikidsystems.com/support/wikid-support-center/installation-how-tos/how-to-let-users-add-themselves-using-ad-credentials?searchterm=ADRegis | 22:48 |
| nowen | you can just edit it | 22:49 |
| nowen | it might be over-written in an upgrade, but it's like example.jsp, you can just edit it | 22:49 |
| nowen | that page should be internal only, of course | 22:50 |
| dystonicka | Absolutely. | 22:50 |
| dystonicka | but it would be nice to have. | 22:50 |
| dystonicka | iif we were to add a new domain and a extra ip for each of the network clients | 22:51 |
| dystonicka | oh we just map them in the network client stuff | 22:51 |
| dystonicka | so add domain then map | 22:51 |
| dystonicka | and then set up a self reg. | 22:52 |
| dystonicka | gah. i'll see if things ust work first, but this helps. | 22:52 |
| nowen | it would be nice to get the benefits of the new server if you have to re-reg people. | 22:52 |
| dystonicka | it would. let me know when you're close to release. | 22:53 |
| dystonicka | i don'tw ant to change a lot right now, because the acquisition is making everything shake up | 22:53 |
| nowen | we are very close to beta | 22:53 |
| * nowen crosses fingers | 22:54 | |
| dystonicka | w00t! | 22:54 |
| nowen | but i've said that for a long time | 22:54 |
| dystonicka | i understand. is the bane of making good software | 22:55 |
| dystonicka | alright. i'll go chew on this; i'll check in and let you know hwo it goes | 22:55 |
| nowen | ok | 22:55 |
| dystonicka | bye. "_ | 22:55 |
| *** dystonicka has quit (Quit: Page closed) | 22:55 | |
| *** nowen has quit (Quit: Leaving.) | 23:37 | |
Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!