fuzzball-muck / fuzzball

Ongoing development of the Fuzzball MUCK server software and associated functionality.
Other
47 stars 27 forks source link

Keeper's password #427

Closed ghost closed 5 years ago

ghost commented 5 years ago

Looking in advancedb, I'm pretty sure Keeper has a password, even though it's not documented like One's potrzebie. Does anyone know what it is? If so, we should document it. If not, we should give him a new password and document it.

pinging @natmeox because advancedb

wyld-sw commented 5 years ago

I believe the intention was that Keeper will never log in, and thus does not need a knowable password.

ghost commented 5 years ago

I believe the intention was that Keeper will never log in, and thus does not need a knowable password.

Still, he has one, so it should be known. :P If he had no password at all, that'd be a different matter.

wyld-sw commented 5 years ago

advancedb, as it was explained to me, was written for Keeper to not have a knowable password. I am inclined to keep it this way.

Edited to confirm that I don't know it.

I suggest we might document the role that Keeper plays in the database, and how there's no need for the password. ~ I just found that the role is documented. Might still be good to have a bit about the password.

ghost commented 5 years ago

His password, just like One's, needs to be changed by the MUCK admin. Someone in the world does know Keeper's password. Documenting the password provides a reason for a MUCK admin to change Keeper's password.

This is different from, say, a GNU/Linux system where root genuinely has no password and can't login. Keeper has wiz privileges and is capable of logging in.

ghost commented 5 years ago

And an open-source project shouldn't be hiding anything from its users, anyway.

wyld-sw commented 5 years ago

We can certainly let folks know that his password was randomized (assuming I remember correctly!).

I'm just mentioning what I think the intention was. I know of no reason to go against that - we don't have the password, but we can certainly @ newpassword Keeper if that's honestly the best approach.

ghost commented 5 years ago

We can certainly let folks know that his password was randomized (assuming I remember correctly!).

How can anyone believe that, without proof?

I'm just mentioning what I think the intention was. I know of no reason to go against that - we don't have the password, but we can certainly @ newpassword Keeper if that's honestly the best approach.

The intention of things can remain the same even when he has a new password. "Hey, Keeper isn't really meant to be logged into. Change his password once and then don't log into him again." or something like that. Or a simple "Change Keeper's password too." after "Change One's password." If MUCK admins want to login as him, a secret password won't stop them, anyway.

ghost commented 5 years ago

https://github.com/fuzzball-muck/fuzzball/pull/430

ghost commented 5 years ago

Resolved by https://github.com/fuzzball-muck/fuzzball/pull/431