Thanks mate.. Glad to know it wasn't just me going insane? I'll keep an eye out for the new file

Thanks for reporting that bug. With the help of your config file I finally could reproduce and fix it. The fix is contained in SVN revision 2462.

> I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging

As a work around, I've changed the elogd startup script to do:

        /usr/local/sbin/elogd -v -c /usr/local/elog/elogd.cfg 2>&1 | perl -ne '$|=1; if ( $_ =~ /name="upassword"/
) {<>; <>;} else { print "$_";}' > /var/log/elog 2>&1 &

That simply throws away lines that match the pattern:

    name="upassword"

and the following 2 lines (the last of which contains the password).

I'm trying to debug an issue with elogd (2.9.1) and was reminded that using the "-v" option exposes
user passwords. This wasn't a huge problem for us in the past, but we're now using kerberos authentication,
meaning that the exposed username/password applies to lots of sensitive systems within our university.


I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging
purposes, make that a separate (and very well documented) option. Maybe something like:
"--really-include-passwords-as-clear-text-in-log-output". :)

Thanks for suggestion... it gave me idea for slightly different way to do it.  The method you suggest doesnt work that well to share in group (everyone would have to add that link in their bookmarks).. So I added this in config file:
Title image = <img border=0 height=25 src="bulb.png" alt="Summary/TOC entry">
Title image URL = <http:link to my specific elog page/entry num>

That replaces elog help icon with a link to TOC entry which can be any entry number.  One could make a custom icon and perhaps play around with adding more than one link (?).

Another thing that could do same thing and maybe more consistent with elog philiosophy would be to add a command that goes to a specific link or entry.... but this current solution works...

We seem to have a problem with retrieving user passwords using the forgot password system
This only happens when trying to use the password recovery from the first screen that forces people to log in with the following syntax:

Protect selection page = 1
Password file = XXXXX

On the first page of our elog which can be found at

http://physics.uj.ac.za/elog/

Now currently there is one page that is viewable by guests, so going to this direct link, bypasses the login at the main page
If you try login from this page, and then use the forgot password link, the email that gets sent through will then work.

The first email that gets sent through using the main login page has the following link:
https://physics.uj.ac.za/elog/?redir=%3Fcmd%3DChange+password%26oldpwd%3DYJAATGHSIRRSBLLP&uname=Tester&upassword=YJAATGHSIRRSBLLP

When clicking on the above link normally, it takes you to a NULL user

The email link that gets sent from the guest page, that works, looks like this:
https://physics.uj.ac.za/elog/General/?redir=%3Fcmd%3DChange+password%26oldpwd%3DSACWEHJWWHKEXLMO&uname=Tester&upassword=SACWEHJWWHKEXLMO

Attached is a copy of the cfg file. The last few logbooks are all actually just copies of TEMPLATE A, so I have removed all their details to make the file easier to read for now
 

Hi,

I was wondering what is the correct way so that the author field when a reply is made shows the author of the
person making the reply.
In version 2.6, the field was filled correctly but since upgrading to ELOG V2.9.1-2435 due to the ssh problem
the field just keeps the author of the original post.

I have a tried a number of subst on reply Author = $long_name with no luck.

Any ideas?

Cheers,
Aldo