On Dec 30, 2010, at 7:36 AM, ghoulmann wrote: > > I'm collaborating with Massimo to produce a Web2py appliance that will > install a Lucid distro with Web2py fully configured (probably by > patching TurnKey Linux's LAPP stack 11.0). The icing on this would be > an init hook to ask the user to set the web2py password on first run. > I know where the script goes in the filesystem and where it belongs in > the patch. > > However, I don't know Python well enough produce the script. I also > don't know where web2py wants passwords kept or whether there's > hashing involved. So given example scripts for other appliances, is > there anyone willing to collaborate - either write the script for > incorporation, or if it has to be the case, mentor me so I can produce > the script with my students?
Have a look at gluon.main.save_password and gluon.validators.CRYPT to see how this works. (BTW, Massimo, password_file currently depends on cwd, which ought to be fixed. Also, we could offer a cli option for exiting after setting the password, so scripts like Rik's could invoke something like "web2py -a password --exit" to set the initial password, and then store "web2py -a <recycle>" as the normal script startup. I think that'd be better than the script having independent knowledge of how web2py hashes its passwords, since that could change.) > > This blog post and the subsequent thread explains and provides > examples: http://www.turnkeylinux.org/blog/end-to-default-passwords > > I look forward to working together on this contribution to web2py and > TurnKey Linux.
