Hi,
the manual says:
"
There are four ways through which access to a logbook may be controlled:
it may be open for all to read ;
it may require a common "read" password for all users ;
it may require each user to have an individual user account (login name) and password ;
finally, access may be granted or not depending on the address of the workstation you are using.
"
But it doesn't say how to do so or at least I didn't find it.
If I have each user have to log in with an individual accout, can I define which logbooks he can read and/or modify?
If yes, how to do that?
Also, please accept my vote for user groups. We can use that, too.
TIA,
Roland. |
Hi,
I'm trying to set up elogd, running on port 8080 behind an Apache server on port 80, using mod_proxy to redirect
to the elogd server, and the recommended
Redirect permanent /elogbook http://example.com/elogbook/
ProxyPass /elogbook/ http://example.com:8080/
This works well for non-password-protected logbooks, but for password protected (that I can access fine via port
8080), I keep getting shown the Login page, even with valid username / password.
Poking around the code, it appears (probably not too surprisingly) that the issue lies in check_login().
For example,
/* if invalid or no session ID, show login page */
if (!skip_sid_check && !sid_check(sid, user_name)) {
if (isparam("redir"))
strlcpy(str, getparam("redir"), sizeof(str));
else
strlcpy(str, isparam("cmdline") ? getparam("cmdline") : _cmdline, sizeof(str));
/* avoid recursive loops with ?cmd=Login */
if (stristr(str, loc("Login")))
str[0] = 0;
/* added write_logfile here...
char mstr[250];
sprintf(mstr, "show_login B %s isparam: %d, cmd: %d, skip_sid_check: %d, sid_check: %d",
user_name, isparam("redir"), isparam("cmdline"), skip_sid_check, sid_check(sid,
user_name));
write_logfile(lbs, mstr);
*/
show_login_page(lbs, str, 0);
return FALSE;
}
and the logfile shows that user_name is blank(!!) and redir, cmdline, skip_sid_check, and sid_check(sid,
user_name) all to be 0. In fact, isparam("unm") and isparam("upwd") are also 0, which explains why user_name
is blank. But the log file also shows
LOGIN user "username" (attempt)
LOGIN user "username" (success)
just prior to this!
I'd guess that the form POST methods aren't being forwarded correctly, but I haven't looked at it in any more
detail.
Is there a way to make this (password protecting logbooks while also using a proxy to Apache) work?
Thanks! |