[tor-bugs] #3898 [Vidalia]: If CookieAuth and PasswordAuth are both offered, and cookie fails, fall back to password

Tor Bug Tracker & Wiki torproject-admin at torproject.org
Fri Sep 2 00:10:37 UTC 2011


#3898: If CookieAuth and PasswordAuth are both offered, and cookie fails, fall
back to password
-------------------------+--------------------------------------------------
 Reporter:  arma         |          Owner:  chiiph
     Type:  enhancement  |         Status:  new   
 Priority:  normal       |      Milestone:        
Component:  Vidalia      |        Version:        
 Keywords:               |         Parent:        
   Points:               |   Actualpoints:        
-------------------------+--------------------------------------------------
 The Tor 0.2.2.x deb, from 0.2.2.29-beta on, enables CookieAuthentication
 by default:
 https://gitweb.torproject.org/debian/tor.git/blob/debian-0.2.2:/debian/patches/06_add_compile_time_defaults.dpatch

 So Vidalia users on Debian/Ubuntu who had set HashedControlPassword in
 their torrc are bitten by a Vidalia bug: if the controlport's ProtocolInfo
 line says cookie and hashedpassword are both supported, Vidalia tries
 cookie, and if it fails it gives up.

 If cookie fails but hashedpassword is also offered, Vidalia should try
 that one next.

 Ideally we'd either support this in the Vidalia 0.2.x timeframe, or step
 up the schedule to ship Vidalia 0.3.x alongside the Tor 0.2.2 debs in
 whatever debian/ubuntu releases are coming next.

 (I wonder how this order-of-operations interacts with the later
 controlsocket support.)

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3898>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list