[tor-bugs] #3898 [Vidalia]: If CookieAuth and PasswordAuth are both offered, and cookie fails, fall back to password
Tor Bug Tracker & Wiki
torproject-admin at torproject.org
Fri Sep 2 00:10:37 UTC 2011
#3898: If CookieAuth and PasswordAuth are both offered, and cookie fails, fall
back to password
-------------------------+--------------------------------------------------
Reporter: arma | Owner: chiiph
Type: enhancement | Status: new
Priority: normal | Milestone:
Component: Vidalia | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
The Tor 0.2.2.x deb, from 0.2.2.29-beta on, enables CookieAuthentication
by default:
https://gitweb.torproject.org/debian/tor.git/blob/debian-0.2.2:/debian/patches/06_add_compile_time_defaults.dpatch
So Vidalia users on Debian/Ubuntu who had set HashedControlPassword in
their torrc are bitten by a Vidalia bug: if the controlport's ProtocolInfo
line says cookie and hashedpassword are both supported, Vidalia tries
cookie, and if it fails it gives up.
If cookie fails but hashedpassword is also offered, Vidalia should try
that one next.
Ideally we'd either support this in the Vidalia 0.2.x timeframe, or step
up the schedule to ship Vidalia 0.3.x alongside the Tor 0.2.2 debs in
whatever debian/ubuntu releases are coming next.
(I wonder how this order-of-operations interacts with the later
controlsocket support.)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/3898>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list