We seem to have a problem with retrieving user passwords using the forgot password system
Thanks for reporting that bug. With the help of your config file I finally could reproduce and fix it. The fix is contained in SVN revision 2462.
Thanks mate.. Glad to know it wasn't just me going insane? I'll keep an eye out for the new file
For the new version have a look here: http://midas.psi.ch/elog/faq.html#21
Hi All,
I am interested to have ELOG installed in my QNAP x86 based NAS (239 Pro II) Have someone done this already or is there a write-up of a normal compile-procedure which I can have as a base when I attempt to compile?
Regards,
Per
I solved it. I don't really know if I really needed to compile it but I complied this on the NAS itself so now it is 100% compatible (I believe)
> I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging As a work around, I've changed the elogd startup script to do: /usr/local/sbin/elogd -v -c /usr/local/elog/elogd.cfg 2>&1 | perl -ne '$|=1; if ( $_ =~ /name="upassword"/ ) {<>; <>;} else { print "$_";}' > /var/log/elog 2>&1 & That simply throws away lines that match the pattern: name="upassword" and the following 2 lines (the last of which contains the password).
I'm trying to debug an issue with elogd (2.9.1) and was reminded that using the "-v" option exposes user passwords. This wasn't a huge problem for us in the past, but we're now using kerberos authentication, meaning that the exposed username/password applies to lots of sensitive systems within our university. I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging purposes, make that a separate (and very well documented) option. Maybe something like: "--really-include-passwords-as-clear-text-in-log-output". :)