Password authentication: Client doesn't get authorised when service is installed

11 posts / 0 new
Last post
julesp
Password authentication: Client doesn't get authorised when service is installed

Hi Michael,

Firstly, I just wanted to say how handy this software is - it's made life so much easier. Keep up the good work!

I've successfully used your Authorisation script https://www.virtualhere.com/authorization to request a password when using a device. I altered it a bit so that it's not user specific and is only concerned about a password.

this is the bit I've changed:


echo "Password ok"
exit 1
else
exit 2
fi
#if [[ "$3" == *"(user)"* ]]; then
## logger "Authorized!"
#exit 1
#else
#logger "NOT authorized"
#exit 0
#fi

On clicking to 'Use' I can enter the password and login. However this only seems to work if I haven't got the Client installed as a service (as you've described here below). https://www.virtualhere.com/client_service
If I install the service, restart the GUI and try to 'Use' a device it doesn't authenticate. Is this perhaps because the daemon has no means of asking for a password? Can't the daemon pass on a password request to the GUI?

I've noticed that the daemon doesn't alter the config file /user/Preferences/vhui Preferences.
Does the daemon use a different config file on a Mac and, if so, where is it located?

Also is there any possibility of using the Mac's native Keychain Access to store passwords?

One more thing - when I install the service, my ClientID becomes 'System Administrator (root)' instead of my normal ClientID when running the GUI without the daemon installed and running. Is there any way to change this behaviour?

The very last thing (which you may not be able to help me with!).... Do you know how I can view VirtualHere logs in the DSM 'Log Center' package?

Thanks,
Jules

Setup -
Synology DS1513+ running DSM 6.1.3
MacBook Pro running OSX 10.12.6
iLok
CMStick
eLicenser (which I don't need to use any more)
USB drive

Michael
.

The daemon wont ask for a password , because its not generally possible (e.g what if the computer boots and no one is yet logged in to ask for a password)

I think you should set the password for the device in the client configure file. Stop and exit the service first. then edit the file (see below for path)

[General]
...
...
PresavedPasswords=<server serial>.<device address>,<password>[,<server serial>.<device address>,<password>]

The settings when run as a daemon are not stored in a user directory because the daemon is run under a system account. In osx the client log is redirected to the Console. The console is viewable using Console Viewer in OSX. That will say where it is loading the settings from (Filter for "VirtualHere")

On my osx it says /var/root/Library/Preferences/vhui Preferences

julesp
can't get it to work

Hi Michael,

I uninstalled the service and quit the GUI.
I found the root vhui Preferences file and added in the line:
PresavedPasswords=00xxxxxxxxxx.61,'password_as_MD5_hash'

I restarted the GUI and installed the service.
Unfortunately though this hasn't worked. Any thoughts?

Also, is there a special device ID number I can use to specify ALL devices?

julesp
checked server log

just checked the server log at /var/log/virtualhere.log
This is what it says:
Error binding device 61 [064f:2af9] to connection 35, BIND_PASSWORD_REQUIRED

Michael
.

The password in vhui Preferences needs to be clear text as the client will look in this setting for the value instead of using a popup dialog to ask for it.

julesp
specifying ALL devices

OK, password in plain text works for the one device that I specified as .61

So in the PresavedPasswords attribute, how do I specify ALL devices or, failing that, more than one device?

Michael
.

If you need to make it more complicated i would suggest just editing the server side script instead. It sounds like you want to ask for a password from everyone else except for you, so perhaps you can just put that in the auth script server side. Otherwise you need to enter in each device and password in the list separated by commas at the client config file

Fredb
what are exactly the expected

what are exactly the expected format of and ?
Does the :
has the same format as License field in the server configuration ?
has the format ... as it is in the client configuration file ?

Fredb
what are exactly the expected

what are exactly the expected format of <server serial> and<device address> ?
Does the :
<server serial> has the same format as License field in the server configuration ?
<device address> has the format ... as it is in the client configuration file ?

Michael
.

You can see the server serial in the client by right clicking on the server and selecting Properties and you can see the device address by right clicking on the device and selecting Properties

Fredb
Thank you !

Thank you !

Log in or register to post comments