Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Tree: f4975fb025
Fetching contributors…

Cannot retrieve contributors at this time

44 lines (31 sloc) 1.556 kB
= requirements
Slasti works through WSGI interface to a webserver, so mod_wsgi is typically
employed. See INSTALL.mod_wsgi for specifics. It also needs Python 2.6 or
thereabout. No database is used.
= passwords
Slasti stores user passwords hashed at rest, and generates login cookies
using the hash as if it were the plaintext. Obviously, anyone who captures
the hash can fake login cookies, so there is no advantage for us to store
passwords hashed. We only do it as a cortesy to people who use the same
password on several websites.
To configure user passwords, first select a salt. This works:
dd if=/dev/random bs=6 count=1 2>/dev/null | od -x | awk '{print $2 $3 $4}'
You will save this as "salt" in slasti-users.conf. Then, negotiate the
password with the user. Then, hash them together:
salt=$(dd if= blah blah blah)
password=whatever
echo -n "${salt}${password}" | md5sum
The result of md5sum goes into the "pass" field. See the example
slasti-users.conf for the JSON syntax.
= SSL
Since the authentication in Slasti is cookie-based, it is very important
to use SSL. However, although Slasti is usually deployed with SSL,
currently it is not SSL-aware. There will be no bugging to use SSL
for logins, and no explicit "secure mode". The best approach is still
being searched. Meanwhile, configure Apache like you would for any
SSL-enabled service, then always use https:// schema.
= pre-loading from XML
cd /var/www/slasti
mkdir user
python /home/admin/git/slasti/del2sla.py user /home/admin/tmp/export-user.xml
chown -R apache user
Jump to Line
Something went wrong with that request. Please try again.