MobileRead Forums - View Single Post

kovidgoyal · 06-26-2017, 10:48 PM

Sigh, I am going to try this one last time, just because I am eternal optimist.

1) You sync user accounts from LDAP to calibre with default passwords. i.e. the same dummy password for all user accounts.

2) You get Apache to re-write the Authorization header so it contains the username and this default password instead of the actual password.

3) The web server uses digest authentication. Digest authentication requires unhashed passwords (or at best passwords hashed without a salt and with MD5). You dont like it, take it up with the IETF.

4) You cannot run the server and the GUI at the same time because they both can make changes to the calibre library. Pick one.

I am done with this thread. It seems to be filled with people asking the same questions over and over again, despite my having them answered already.

06-26-2017, 10:48 PM	#37
kovidgoyal creator of calibre Posts: 45,240 Karma: 27110894 Join Date: Oct 2006 Location: Mumbai, India Device: Various	Sigh, I am going to try this one last time, just because I am eternal optimist. 1) You sync user accounts from LDAP to calibre with default passwords. i.e. the same dummy password for all user accounts. 2) You get Apache to re-write the Authorization header so it contains the username and this default password instead of the actual password. 3) The web server uses digest authentication. Digest authentication requires unhashed passwords (or at best passwords hashed without a salt and with MD5). You dont like it, take it up with the IETF. 4) You cannot run the server and the GUI at the same time because they both can make changes to the calibre library. Pick one. I am done with this thread. It seems to be filled with people asking the same questions over and over again, despite my having them answered already.