| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
652
|
Tue Aug 3 16:34:23 2004 |
 | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.5.2 - 2. | Re: User/Admin privlege question | Ok, now I see your problem. You defined a "Guest menu commands" which explicitly allows
not-authorized access (that's what it's for). If you only want to allow authorized
access, remove the "guest menu commands" from the logbook sections and also from the
[global] section.
Please note that if an option is not preent in a logbook section, it is looked for in
the [global] section. I see that most of your logbooks have similar settings. Just put
them into the [global] section, and override it in the logbook section if they are
different. |
|
654
|
Tue Aug 3 20:14:55 2004 |
 | Alexandre Camsonne | camsonne@jlab.org | Bug report | Linux | 2.5.2 - 2. | Re: User/Admin privlege question | Thank you, I misunderstood how the "Guest menu commands" worked I thought I had to specify
a limited set of commands to actually limit guest users.
Thanks again for your wonderful work on this program too.
Regards,
Alexandre
> Ok, now I see your problem. You defined a "Guest menu commands" which explicitly allows
> not-authorized access (that's what it's for). If you only want to allow authorized
> access, remove the "guest menu commands" from the logbook sections and also from the
> [global] section.
>
> Please note that if an option is not preent in a logbook section, it is looked for in
> the [global] section. I see that most of your logbooks have similar settings. Just put
> them into the [global] section, and override it in the logbook section if they are
> different. |
|
68748
|
Tue Feb 27 15:32:30 2018 |
 | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | Windows | 3.1.3.1 | Re: User passwords not configurable with loacl passwordfile | Have you configures user-level access via
password file = anyfile.pwd
Can your elogd server write to that file?
If yes, can you please post your config file?
Stefan
| KaterKarlo99 wrote: |
|
Hi!
Tryed windows an linux version. On booth the "Register new User" dialog is not displaying a password line.
so what password is used for the new user? Further the user can't change his password, because he didn't know the old one.
And if an admin user trys to change the password of an other user, a error is displyed that the old password of the admin user is
wrong and nothing happens with the password of the non-admin user.
elog console (admin user awrzkrz changes the password of testuser1):
GET /demo/?cmd=Config&config=TestUser1&cfgpage=1&admin=1&cfg_user=TestUser1&active=1&new_user_name=TestUser1&new_full_name=TEST+User&new_user_email=test%40heaven.org&cmd=Change+password HTTP/1.1
Returned 1032 bytes
GET /demo/?config=TestUser1&newpwd=test1234&newpwd2=test1234 HTTP/1.1
Returned 20 bytes
GET /demo/?cmd=Change%20password&config=awrzkrz&fail=1 HTTP/1.1
Returned 1215 bytes
Thanks for help!
|
|
|
68749
|
Wed Feb 28 11:38:23 2018 |
| KaterKarlo98 | katerkarlo99@gmail.com | Bug report | Linux | Windows | 3.1.3.1 | Re: User passwords not configurable with loacl passwordfile | Hi Stefan,
thanks for the quick reply.
Yes, i've configured user-level access. Here is my cfg:
[global]
port = 9191
Usr = abc
Grp = abc
SMTP host = mail.xy.at
Protect Selection page = 1
Password file = elog_pw.xml
Logfile = elog_log.txt
Logging level = 2
Admin user = User1, Admin
Self register = 2
Restrict edit = 1
Allow password change = 1
[demo]
Theme = default
Authentication = Kerberos
Comment = General Linux Tips & Tricks
Attributes = Author, Type, Category, Subject
Options Type = Routine, Software Installation, Problem Fixed, Configuration, Oth er
Options Category = General, Hardware, Software, Network, Other
Extendable Options = Category
Required Attributes = Author, Type
Page Title = ELOG - $subject
Reverse sort = 1
Quick filter = Date, Type
And, yes, the password file is r7w accessible for the elogd:
[root@localhost logbooks]# cat elog_pw.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- created by MXML on Tue Feb 27 14:54:52 2018 -->
<list>
<user>
<name>Admin</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>Admin</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>admin@hell.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
<user>
<name>TestUser1</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>User1</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>test@heaven.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
</list>
br, Rainer
| Stefan Ritt wrote: |
|
Have you configures user-level access via
password file = anyfile.pwd
Can your elogd server write to that file?
If yes, can you please post your config file?
Stefan
| KaterKarlo99 wrote: |
|
Hi!
Tryed windows an linux version. On booth the "Register new User" dialog is not displaying a password line.
so what password is used for the new user? Further the user can't change his password, because he didn't know the old one.
And if an admin user trys to change the password of an other user, a error is displyed that the old password of the admin user is
wrong and nothing happens with the password of the non-admin user.
elog console (admin user awrzkrz changes the password of testuser1):
GET /demo/?cmd=Config&config=TestUser1&cfgpage=1&admin=1&cfg_user=TestUser1&active=1&new_user_name=TestUser1&new_full_name=TEST+User&new_user_email=test%40heaven.org&cmd=Change+password HTTP/1.1
Returned 1032 bytes
GET /demo/?config=TestUser1&newpwd=test1234&newpwd2=test1234 HTTP/1.1
Returned 20 bytes
GET /demo/?cmd=Change%20password&config=awrzkrz&fail=1 HTTP/1.1
Returned 1215 bytes
Thanks for help!
|
|
|
|
68750
|
Mon Mar 5 14:10:52 2018 |
| KaterKarlo99 | katerkarlo99@gmail.com | Bug report | Linux | Windows | 3.1.3.1 | Re: User passwords not configurable with loacl passwordfile | I'm afraid that there is something wrong because each user will be written with the same (hashed) password to the local password file,
irrespective of the given password within the "new User dialog".
So for instance, every user in my password file lokks like this:
<name>TestUser1</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>TEST User</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>test@heaven.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
"password encoding" has got the same value for each user after creating them with their own passwords....
That's the main issue i have, because i don't know this password and can't set a known one....
frustrating....
any help would be appreciated
| KaterKarlo98 wrote: |
|
Hi Stefan,
thanks for the quick reply.
Yes, i've configured user-level access. Here is my cfg:
[global]
port = 9191
Usr = abc
Grp = abc
SMTP host = mail.xy.at
Protect Selection page = 1
Password file = elog_pw.xml
Logfile = elog_log.txt
Logging level = 2
Admin user = User1, Admin
Self register = 2
Restrict edit = 1
Allow password change = 1
[demo]
Theme = default
Authentication = Kerberos
Comment = General Linux Tips & Tricks
Attributes = Author, Type, Category, Subject
Options Type = Routine, Software Installation, Problem Fixed, Configuration, Oth er
Options Category = General, Hardware, Software, Network, Other
Extendable Options = Category
Required Attributes = Author, Type
Page Title = ELOG - $subject
Reverse sort = 1
Quick filter = Date, Type
And, yes, the password file is r7w accessible for the elogd:
[root@localhost logbooks]# cat elog_pw.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- created by MXML on Tue Feb 27 14:54:52 2018 -->
<list>
<user>
<name>Admin</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>Admin</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>admin@hell.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
<user>
<name>TestUser1</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>User1</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>test@heaven.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
</list>
br, Rainer
| Stefan Ritt wrote: |
|
Have you configures user-level access via
password file = anyfile.pwd
Can your elogd server write to that file?
If yes, can you please post your config file?
Stefan
| KaterKarlo99 wrote: |
|
Hi!
Tryed windows an linux version. On booth the "Register new User" dialog is not displaying a password line.
so what password is used for the new user? Further the user can't change his password, because he didn't know the old one.
And if an admin user trys to change the password of an other user, a error is displyed that the old password of the admin user is
wrong and nothing happens with the password of the non-admin user.
elog console (admin user awrzkrz changes the password of testuser1):
GET /demo/?cmd=Config&config=TestUser1&cfgpage=1&admin=1&cfg_user=TestUser1&active=1&new_user_name=TestUser1&new_full_name=TEST+User&new_user_email=test%40heaven.org&cmd=Change+password HTTP/1.1
Returned 1032 bytes
GET /demo/?config=TestUser1&newpwd=test1234&newpwd2=test1234 HTTP/1.1
Returned 20 bytes
GET /demo/?cmd=Change%20password&config=awrzkrz&fail=1 HTTP/1.1
Returned 1215 bytes
Thanks for help!
|
|
|
|
|
68751
|
Mon Mar 5 14:29:26 2018 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | Windows | 3.1.3.1 | Re: User passwords not configurable with loacl passwordfile | What happens when you don't use Kerberos authentication?
| KaterKarlo99 wrote: |
|
I'm afraid that there is something wrong because each user will be written with the same (hashed) password to the local password file,
irrespective of the given password within the "new User dialog".
So for instance, every user in my password file lokks like this:
<name>TestUser1</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>TEST User</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>test@heaven.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
"password encoding" has got the same value for each user after creating them with their own passwords....
That's the main issue i have, because i don't know this password and can't set a known one....
frustrating....
any help would be appreciated
| KaterKarlo98 wrote: |
|
Hi Stefan,
thanks for the quick reply.
Yes, i've configured user-level access. Here is my cfg:
[global]
port = 9191
Usr = abc
Grp = abc
SMTP host = mail.xy.at
Protect Selection page = 1
Password file = elog_pw.xml
Logfile = elog_log.txt
Logging level = 2
Admin user = User1, Admin
Self register = 2
Restrict edit = 1
Allow password change = 1
[demo]
Theme = default
Authentication = Kerberos
Comment = General Linux Tips & Tricks
Attributes = Author, Type, Category, Subject
Options Type = Routine, Software Installation, Problem Fixed, Configuration, Oth er
Options Category = General, Hardware, Software, Network, Other
Extendable Options = Category
Required Attributes = Author, Type
Page Title = ELOG - $subject
Reverse sort = 1
Quick filter = Date, Type
And, yes, the password file is r7w accessible for the elogd:
[root@localhost logbooks]# cat elog_pw.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- created by MXML on Tue Feb 27 14:54:52 2018 -->
<list>
<user>
<name>Admin</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>Admin</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>admin@hell.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
<user>
<name>TestUser1</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>User1</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>test@heaven.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
</list>
br, Rainer
| Stefan Ritt wrote: |
|
Have you configures user-level access via
password file = anyfile.pwd
Can your elogd server write to that file?
If yes, can you please post your config file?
Stefan
| KaterKarlo99 wrote: |
|
Hi!
Tryed windows an linux version. On booth the "Register new User" dialog is not displaying a password line.
so what password is used for the new user? Further the user can't change his password, because he didn't know the old one.
And if an admin user trys to change the password of an other user, a error is displyed that the old password of the admin user is
wrong and nothing happens with the password of the non-admin user.
elog console (admin user awrzkrz changes the password of testuser1):
GET /demo/?cmd=Config&config=TestUser1&cfgpage=1&admin=1&cfg_user=TestUser1&active=1&new_user_name=TestUser1&new_full_name=TEST+User&new_user_email=test%40heaven.org&cmd=Change+password HTTP/1.1
Returned 1032 bytes
GET /demo/?config=TestUser1&newpwd=test1234&newpwd2=test1234 HTTP/1.1
Returned 20 bytes
GET /demo/?cmd=Change%20password&config=awrzkrz&fail=1 HTTP/1.1
Returned 1215 bytes
Thanks for help!
|
|
|
|
|
|
68752
|
Mon Mar 5 14:44:58 2018 |
| KaterKarlo99 | katerkarlo99@gmail.com | Bug report | Linux | Windows | 3.1.3.1 | Re: User passwords not configurable with loacl passwordfile | Yeah!!
That did it! I remove the line "Kerberos authentication" and now it works!
Thanks!
| Stefan Ritt wrote: |
|
What happens when you don't use Kerberos authentication?
| KaterKarlo99 wrote: |
|
I'm afraid that there is something wrong because each user will be written with the same (hashed) password to the local password file,
irrespective of the given password within the "new User dialog".
So for instance, every user in my password file lokks like this:
<name>TestUser1</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>TEST User</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>test@heaven.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
"password encoding" has got the same value for each user after creating them with their own passwords....
That's the main issue i have, because i don't know this password and can't set a known one....
frustrating....
any help would be appreciated
| KaterKarlo98 wrote: |
|
Hi Stefan,
thanks for the quick reply.
Yes, i've configured user-level access. Here is my cfg:
[global]
port = 9191
Usr = abc
Grp = abc
SMTP host = mail.xy.at
Protect Selection page = 1
Password file = elog_pw.xml
Logfile = elog_log.txt
Logging level = 2
Admin user = User1, Admin
Self register = 2
Restrict edit = 1
Allow password change = 1
[demo]
Theme = default
Authentication = Kerberos
Comment = General Linux Tips & Tricks
Attributes = Author, Type, Category, Subject
Options Type = Routine, Software Installation, Problem Fixed, Configuration, Oth er
Options Category = General, Hardware, Software, Network, Other
Extendable Options = Category
Required Attributes = Author, Type
Page Title = ELOG - $subject
Reverse sort = 1
Quick filter = Date, Type
And, yes, the password file is r7w accessible for the elogd:
[root@localhost logbooks]# cat elog_pw.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- created by MXML on Tue Feb 27 14:54:52 2018 -->
<list>
<user>
<name>Admin</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>Admin</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>admin@hell.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
<user>
<name>TestUser1</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>User1</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>test@heaven.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
</list>
br, Rainer
| Stefan Ritt wrote: |
|
Have you configures user-level access via
password file = anyfile.pwd
Can your elogd server write to that file?
If yes, can you please post your config file?
Stefan
| KaterKarlo99 wrote: |
|
Hi!
Tryed windows an linux version. On booth the "Register new User" dialog is not displaying a password line.
so what password is used for the new user? Further the user can't change his password, because he didn't know the old one.
And if an admin user trys to change the password of an other user, a error is displyed that the old password of the admin user is
wrong and nothing happens with the password of the non-admin user.
elog console (admin user awrzkrz changes the password of testuser1):
GET /demo/?cmd=Config&config=TestUser1&cfgpage=1&admin=1&cfg_user=TestUser1&active=1&new_user_name=TestUser1&new_full_name=TEST+User&new_user_email=test%40heaven.org&cmd=Change+password HTTP/1.1
Returned 1032 bytes
GET /demo/?config=TestUser1&newpwd=test1234&newpwd2=test1234 HTTP/1.1
Returned 20 bytes
GET /demo/?cmd=Change%20password&config=awrzkrz&fail=1 HTTP/1.1
Returned 1215 bytes
Thanks for help!
|
|
|
|
|
|
|
66371
|
Thu Jun 4 14:37:54 2009 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.7.6 | Re: User can modify Fixed Attributes Edit when selecting preview |
| Allen wrote: |
|
Hi. I'm pretty new to ELOG, so I'm not sure if I'm doing something wrong.
I have a bunch of fields set so that after an entry has been submitted, they cannot edit certain fields. When I click the edit button, everything looks restricted as it should be, but if I click Preview, the user is then able to change the fixed attributes.
Is there anyway to remove the preview button inside the edit page, or is anyone else having this issue?
|
Thanks for reporting this bug. I fixed it in revision #2203. |
|