Problem with authentication

Hello,

I’ve made my first installation of Request Tracker (and I’ve got
version 3.0.2).

I’ve started from a relatively minimal installation of RedHat 7.3, and
from then on I satisfied all dependencies needed (I didn’t notice any
failure here).

Perl, apache and modperl are “as provided” by RedHat, and I’m using
PostgreSQL as the database backend.

I copied RT_Config.pm to RT_SiteConfig.pm what seemed appropriate.

Weird things:

  1. nothing shows up on log even though I have:
    Set($LogToSyslog, ‘debug’);
    Set($LogToScreen, ‘debug’);
    Set($LogToFile, ‘debug’);
    Set($LogToFileNamed, ‘/opt/rt-3.0.2/var/log/rt.log’);

  2. users seem to have serious problems
    a) I can’t change passwords (even root’s)
    If I change the password, I will no longer be able to log on.
    Authentication always fails (nothing on logs, not even
    apache’s – except for the GET’s and POST’s)

    b) giving up changing the default password (since this is only
    tests on a non networked machine), I create a user and give it
    the password ‘ola123’ (without quotes).
    This user fails authentication.

    Going back to the root user, I try to see the list of users…
    The created users is_not_listed.

    I think it’s probably a bug, so I try to create it again:
    surprise: “Name in use”

    Looking at the database, the user is clearly there. I don’t
    recognise the crypt method, which one is it? It doesn’t seem to
    be md5, but it’s not crypt either, so I can’t even change the
    database value “by hand” in order to make tests.

Is there something I could have screwed up that would cause this, or is
this a know bug? If so, anyone know if it’s corrected on CVS head so I
can at least try it out?

Regards and thanks in advance, Rui

  • No matter how much you do, you never do enough – unknown
  • Whatever you do will be insignificant,
    | but it is very important that you do it – Gandhi
  • So let’s do it…?

Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

signature.asc (189 Bytes)

Rui Miguel Seabra wrote:

  1. nothing shows up on log even though I have:
    Set($LogToSyslog, ‘debug’);
    Set($LogToScreen, ‘debug’);
    Set($LogToFile, ‘debug’);
    Set($LogToFileNamed, ‘/opt/rt-3.0.2/var/log/rt.log’);

Have you restarted apache since configuring this?

  1. users seem to have serious problems
    a) I can’t change passwords (even root’s)

What version of Digest::MD5 do you have installed?
Older versions are believed to cause behaviour similar to this.

    Going back to the root user, I try to see the list of users...
    The created users _is_not_listed_.

Did you set the “Let this user access RT” and “Let this user be
granted rights” checkboxes on this user?

    Looking at the database, the user is clearly there. I don't
    recognise the crypt method, which one is it? It doesn't seem to
    be md5, but it's not crypt either, so I can't even change the
    database value "by hand" in order to make tests.

That really sounds like Digest::MD5 bogosity.
�|� http://www.bestpractical.com/rt – Trouble Ticketing. Free.

Hi,

Rui Miguel Seabra wrote:

  1. nothing shows up on log even though I have:
    Set($LogToSyslog, ‘debug’);
    Set($LogToScreen, ‘debug’);
    Set($LogToFile, ‘debug’);
    Set($LogToFileNamed, ‘/opt/rt-3.0.2/var/log/rt.log’);

Have you restarted apache since configuring this?

Yes. For every change I did in configurations of rt I restarted apache.

  1. users seem to have serious problems
    a) I can’t change passwords (even root’s)

What version of Digest::MD5 do you have installed?
Older versions are believed to cause behaviour similar to this.

Old enough as in the version included in perl 5.6.1? Probably. I
installed the news one from CPAN and it now works as expected.

    Going back to the root user, I try to see the list of users...
    The created users _is_not_listed_.

Did you set the “Let this user access RT” and “Let this user be
granted rights” checkboxes on this user?

I checked the ‘Let this user access RT’ but not the other one. I just
created a new user with both boxes checked (there was still the
password problem). It now shows up, but but what’s the difference
between privileged and non-privileged users other than not showing up in
the Users/Select User section? Maybe RTFM :slight_smile:

    Looking at the database, the user is clearly there. I don't
    recognise the crypt method, which one is it? It doesn't seem to
    be md5, but it's not crypt either, so I can't even change the
    database value "by hand" in order to make tests.

That really sounds like Digest::MD5 bogosity.

It was fortunately. I was really depressed, maybe a Digest::MD5 version
check should be added!

Thanks for your assistance, Rui

  • No matter how much you do, you never do enough – unknown
  • Whatever you do will be insignificant,
    | but it is very important that you do it – Gandhi
  • So let’s do it…?

Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

signature.asc (189 Bytes)