[Koha] kohaadmin password change

Chris Cormack chrisc at catalyst.net.nz
Sun Aug 19 22:52:42 NZST 2012 

I highly doubt it has changed the mysql password, there is no code in Koha to do that, I just checked. It can only change the password in the borrowers table in the Koha db.

I'm not sure what you have done to mysql. 

Chris

Manos Petridis <egpetridis at yahoo.com> wrote:

 
----- Original Message -----
> From: Chris Cormack <chris at bigballofwax.co.nz>
> To: Manos Petridis <egpetridis at yahoo.com>
> Cc: "koha at lists.katipo.co.nz" <koha at lists.katipo.co.nz>
> Sent: Sunday, August 19, 2012 12:46 PM
> Subject: Re: [Koha] kohaadmin password change
> 
> On 19 August 2012 21:35, Manos Petridis <egpetridis at yahoo.com> wrote:
>> Thank you Chris for your reply. I guess there must have been some pressing 
> need to present both MySQL users and koha users in the same interface/list.
>> 
> Yes, you need one user to be able to login to create a new one. It's
> only one mysql user btw.
> 
>> I understand the concept of creating a 2nd super-user and perform any 
> operations from that profile; in fact I had already created such a user so that 
> I could get myself out of trouble should I forget/mistype the kohaadmin pass.
>> 
>> I suppose I'll have to log-in to MySQL with the new pass (or as a root) 
> and change the kohaadmin pass back to the previous value.
>> 
> O you could just edit the koha-conf.xml file that has the password in it.

Ah! Will try that, thank you. 
I seem to have trouble using mysql from the command line now, so the situation has really become interesting :-)


> 
>> Two more notes to be added to my wishlist:
>> a) There ought to be a clear way to change the kohaadmin password 
> nevertheless, for what good is a password for, if it is known by everyone?
> 
> Why on earth would you tell everyone the mysql user password?
> Nevertheless there is, change it in mysql, like you would any other
> mysql user, and edit the koha-conf.xml to match.

I use a ready-made koha VM appliance, so the initial passwords are shared with the world, regardless of my wishes. 
Using a VM appliance is fine for my needs, as I use koha to document my personal library only (for now at least) and try/learn about koha.
As I have already reported some issues in this list, I was preparing my installation so that I may be able to let the other list members see for themselves the behaviour I mentioned in my messages. One step in this preparation was changing the administrative passwords.

> 
>> b) There should be a warning when someone - with the proper rights - tries 
> to change the kohaadmin password via the administrative interface. Then again it 
> may well be a joke on koha newbies and such a warning would spoil the fun ;-)
>> kind regards,
>> 
> The kohaadmin user (or whatever name, it doesn't need to be that) is
> not a real user and should not ever be used as such. There is a patch
> awaiting sign off to try to stop people logging in as the mysql user.

Well, the question is not why someone regularly logs-in with the administrator/root/superuser/sysadm/qsecofr/you_name_it credentials: in my case I am the sole user and I always do either catalogue-ing or administrative work. The question is why the MySQL user is presented among the koha users, and why koha has been made able to change this user's pass in MySQL, but not re-configure itself to use the new pass. But as I already said, there must have been some pressing need that I'm not aware of, so...


> 
> More patches are always welcome of course.

Alas, I'm perl-challenged myself. 


> 
> Chris
> 

Manos 
_____________________________________________

Koha mailing list http://koha-community.org
Koha at lists.katipo.co.nz
http://lists.katipo.co.nz/mailman/listinfo/koha

More information about the Koha mailing list