[Owncloud] Discovering owncloud, user's password storage under Windows

Tue Mar 19 21:55:45 UTC 2013

Hello !
Thanks for your answer.
Really, I agree with you but when you change several machines a day (lab machines), when your headstaff doesn’t want to be bothered by a new password, etc. etc. … you have no other solution than generate & store passwords. A very very few people have access to it (for security reasons) : only my colleague & me,  and the user has definitely no time to configure it on his own  anyway, so if we don’t do it ourselves, it will never be done. To compare actually I transfer user’s data with a USB key when reinstalling/changing machine, can you imagine …?
User’s profile sizes at 5-8 GB for most of users, up to 30 GB (plus the files stored in the server, but I don’t count them).

I saw what you’re talking about. On the registry, I found this entry :
[HKEY_CURRENT_USER\Software\ownCloud\OrganizationDefaults\casimir:http:]
"owncloud.mondomaine.fr"=hex:40,00,42,00,79,00,74,00,65,00,41,00,72,00,72,00,61,00, … (where casimir is my owncloud login)

When I decode this, I have     @ByteArray(������z�O���{��:���J��s����2QKeychain-encrypted data
________________________________
f�
V���0N����I�%}
________________________________
��G��"��
    6��[1]6!�X>U���w�Z���
________________________________
�F��.���s>T�^UN~A&��*" )

With the old version, in the owncloud.cfg file, password was base64 encoded it was simple to encode it and create the file … (yes, simple to decode it as well, but this owncloud is only for backup purpose, not for external use, the password is not the windows session one, so I don’t really worry about it. It’s a bit securized (10 chars, up/lower case, numbers).)

I’ll have a look in what you suggest.

Thanks
Matthieu

De : owncloud-bounces at kde.org [mailto:owncloud-bounces at kde.org] De la part de Craig Sawyer
Envoyé : mardi 19 mars 2013 22:46
À : owncloud at kde.org
Objet : Re: [Owncloud] Discovering owncloud, user's password storage under Windows

You really shouldn't be storing plain-text versions of anyone's password.  I would recommend just having them do the login part themselves. That is what I'm doing on my network.  I build my own ownCloud client that has all the config setup except for the user/password.  When it runs the first time on the machine it asks them for their user/pass.  They login to the client, and it's done.  No other configuration required.  Works great for us.

Otherwise I don't know the answer to your question.  It uses the windows registry, but I don't know what format the password is stored in, I'm sure it's encrypted.  It uses QtKeychain, so if you go looking thru the QtKeychain sources/docs I'm sure you could figure it out.

Regardless, I wish you successs!

-Craig
On Tue, Mar 19, 2013 at 2:33 PM, Matthieu Lacroix <mlacroix at hopscotch.fr<mailto:mlacroix at hopscotch.fr>> wrote:
Hello

I'm currently setting up a process which includes Owncloud on my LAN (100 machines).

Environment :
Server = Ubuntu 12.04 LTS, owncloud 4.5.7
Client = Windows 7 pro (32 & 64 bits, Windows 2008 R2 domain), owncloud 1.2.0.

I don't want to manually define the user's password. I have an intranet (PHP/MySQL) which stores all this data in a DB (user login, password generated, folders to sync) and by PHP, I can generate all the files, but the user's password is missing.
I saw it's now saved in the Windows registry, so i thought about generating a .reg file on the user's desktop in order to import the owncloud profile by double clicking on it.

In an older version (owncloud 1.1.4) the user's password was set into the owncloud.cfg like passwd="@ByteArray(...)" but this is no more possible in 1.2.0. (an error message is displayed, "entry not found")

Any help would be most appreciated, i can share in return all my PHP/Shell code to generate the folders files sync.

Thanks in advance
Matthieu

_______________________________________________
Owncloud mailing list
Owncloud at kde.org<mailto:Owncloud at kde.org>
https://mail.kde.org/mailman/listinfo/owncloud

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/owncloud/attachments/20130319/d386178d/attachment.html>