Hi,

I'm trying to set up elogd, running on port 8080 behind an Apache server on port 80, using mod_proxy to redirect
to the elogd server, and the recommended

Redirect permanent /elogbook http://example.com/elogbook/
ProxyPass /elogbook/         http://example.com:8080/

This works well for non-password-protected logbooks, but for password protected (that I can access fine via port
8080), I keep getting shown the Login page, even with valid username / password.    

Poking around the code, it appears (probably not too surprisingly) that the issue lies in check_login().  
For example, 

   /* if invalid or no session ID, show login page */
  if (!skip_sid_check && !sid_check(sid, user_name)) {
      if (isparam("redir"))
         strlcpy(str, getparam("redir"), sizeof(str));
      else
         strlcpy(str, isparam("cmdline") ? getparam("cmdline") : _cmdline, sizeof(str));
      /* avoid recursive loops with ?cmd=Login */
      if (stristr(str, loc("Login")))
         str[0] = 0;
      /*  added write_logfile here...
          char mstr[250];
          sprintf(mstr, "show_login B %s isparam: %d, cmd: %d, skip_sid_check: %d, sid_check: %d",
                         user_name,  isparam("redir"), isparam("cmdline"), skip_sid_check, sid_check(sid,
user_name));
           write_logfile(lbs, mstr);

        */
      show_login_page(lbs, str, 0);
      return FALSE;
}

and the logfile shows that user_name is blank(!!) and redir, cmdline, skip_sid_check, and sid_check(sid,
user_name) all to be 0.   In fact, isparam("unm") and isparam("upwd") are also 0, which explains why user_name
is blank.   But the log file also shows

LOGIN user "username" (attempt)
LOGIN user "username" (success)

just prior to this!

I'd guess that the form POST methods aren't being forwarded correctly, but I haven't looked at it in any more
detail.   

Is there a way to make this (password protecting logbooks while also using a proxy to Apache) work?

Thanks!

For the new version have a look here: http://midas.psi.ch/elog/faq.html#21 

I solved it.
I don't really know if I really needed to compile it but I complied this on the NAS itself so now it is 100% compatible (I believe)

Per

Hi All,

I am interested to have ELOG installed in my QNAP x86 based NAS (239 Pro II)
Have someone done this already or is there a write-up of a normal compile-procedure which I can have as a base when I attempt to compile?

Regards,

Per

 Thanks mate.. Glad to know it wasn't just me going insane? I'll keep an eye out for the new file

Thanks for reporting that bug. With the help of your config file I finally could reproduce and fix it. The fix is contained in SVN revision 2462.

> I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging

As a work around, I've changed the elogd startup script to do:

        /usr/local/sbin/elogd -v -c /usr/local/elog/elogd.cfg 2>&1 | perl -ne '$|=1; if ( $_ =~ /name="upassword"/
) {<>; <>;} else { print "$_";}' > /var/log/elog 2>&1 &

That simply throws away lines that match the pattern:

    name="upassword"

and the following 2 lines (the last of which contains the password).

I'm trying to debug an issue with elogd (2.9.1) and was reminded that using the "-v" option exposes
user passwords. This wasn't a huge problem for us in the past, but we're now using kerberos authentication,
meaning that the exposed username/password applies to lots of sensitive systems within our university.


I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging
purposes, make that a separate (and very well documented) option. Maybe something like:
"--really-include-passwords-as-clear-text-in-log-output". :)