| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
69093
|
Fri Jan 24 18:22:52 2020 |
 | Laurent Jean-Rigaud | lollspam@free.fr | Question | Linux | V3.1.4-283534d | Re: PAM authentication question | Hi,
Before le pam module link, yes.
After adding it, I wait some seconds before new login window popups with password error message.
| Jan Christoph Terasa wrote: |
|
Hi Laurent,
does the ELOG server show the window immediately before even showing the login mask?
Christoph
| Laurent Jean-Rigaud wrote: |
|
Hi,
First, thanks to ELOG tool !
I'm trying to swicth a ELOG 3.1.2 server with local passwd DB to GIT version builded with SSL/PAM/LDAP options. I reuse the buildrpm script which generates correctly RPM files.
After installing on EL6 x86_64 server, i update the elogd.conf file according to GIT version doc :
- Authentication = PAM
- Password file = /usr/local/elog/elog_users.pam (new file as i want to keep the old local DB)
- Self register = 3
I add a link for pam module :
$ ll /etc/pam.d/elogd
lrwxrwxrwx 1 root root 11 Jan 24 16:23 /etc/pam.d/elogd -> system-auth
elogd starts well
elogd 3.1.4 built Jan 24 2020, 07:34:02 revision 283534d
Config file : /usr/local/elog/elogd.cfg
Resource dir : /usr/local/elog/
Logbook dir : /usr/local/elog/logbooks/
Falling back to default group "elog"
Falling back to default user "elog"
CKeditor detected
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "convert -version" > /tmp/elog_okY7qv 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/bin/convert -version" > /tmp/elog_xBge3f 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/local/bin/convert -version" > /tmp/elog_GfKWF0 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/opt/local/bin/convert -version" > /tmp/elog_uZtajL 2>&1
ImageMagick NOT detected. Image scaling will not work.
Indexing logbook "logbook1" in "/usr/local/elog/logbooks/logbook1/" ... ok
Indexing logbook "logbook2" in "/usr/local/elog/logbooks/logbook2/" ... ok
Server listening on port 8080 ...
When i try to connect, ELOG login window shows "Invalid user name or password!" .
The logfile (level 9) shows :
24-Jan-2020 16:36:28 [IP] POST /logbook1/ HTTP/1.1
24-Jan-2020 16:36:28 [IP] {MCO} LOGIN user "toto" (attempt)
24-Jan-2020 16:36:28 [IP] {MCO} [PAM] Starting authentication for user toto
24-Jan-2020 16:36:29 [IP] {MCO} [PAM] Authentication not successful for user toto
The problem appears for all Linux users as well.
Does i miss something ?
Thanks for help.
Laurent
| David Wallis wrote: |
|
Hi Christoph,
Thanks for looking into this, if you can enable PAM + File, our users would be very happy!
The pam.d issue is probably related to CentOS/Red Hat, since our PAM expert warned me that it might be necessary.
| Jan Christoph Terasa wrote: |
| David Wallis wrote: |
|
I'm testing the PAM authentication feature, and have a couple questions, a suggestion, and a comment.
First the comment... it was pretty easy to get working, and is exactly what we need here, so thanks! Our PAM stack here is designed to allow logins with Active Directory, LDAP, or local accounts, so the PAM option preserves all of that.
The suggestion: In order to make it work, I had to add a symbolic link in /etc/pam.d:
elogd -> system-auth
That might be considered for addition to the documentation (this was on Red Hat Enterprise Linux 7.7)
The questions:
- The docs indicate that "Self register" must be set to >= 1, but in the code (elogd.c, line 26453), if the PAM module is enabled, Self register is overriden to 0. The result is that no "register as new user" link is displayed on the login screen. Is that the intent?
- Related... can PAM and File authentication both be enabled? We have some logbooks that are used by both internal people (with an A/D account) and outside collaborators that get local elog accounts. This works with LDAP + File, can it work with PAM?
Thanks in advance!
|
David, thank you for reporting on your findings regarding the PAM feature. I will look into the points you mentioned:
0. On my machines (Debian testing and stable) I did not have to add anything to /etc/pam.d, but apparently Debian just uses implicit defaults then, and REHL might insist on using excplicit settings. Adding a hint in the documentation is certainly useful, thank your for the suggestion. Maybe elog should provide a pam.d config file (which can be installed/adapted by package maintainers for various OSes).
1.+2. If I remember correctly, I intentionally disabled registration when using the PAM backend, because users will register using their passwd/LDAP/NIS users, and new users can only be regustered using the appropriate tools for the authentication mechanism used. This might not be correctly reflected in the docs, I will check that. In the light of question 2., I can also re-investigate that policy, so that logins will check against both the elog user database and PAM. Self-registering can then be enabled again, and new registrees will go to the elog database. I will try to bringthe code in line with how LDAP works.
regards,
Christoph
|
|
|
|
|
|
69102
|
Fri Jan 31 15:39:17 2020 |
| Laurent Jean-Rigaud | lollspam@free.fr | Question | Linux | V3.1.4-283534d | Re: PAM authentication question | FYI i added ACL on /etc/shadow file to allow elog user for reading. Testing from elog login shell is OK.
Any suggestion ?
| Laurent Jean-Rigaud wrote: |
|
Hi,
Before le pam module link, yes.
After adding it, I wait some seconds before new login window popups with password error message.
| Jan Christoph Terasa wrote: |
|
Hi Laurent,
does the ELOG server show the window immediately before even showing the login mask?
Christoph
| Laurent Jean-Rigaud wrote: |
|
Hi,
First, thanks to ELOG tool !
I'm trying to swicth a ELOG 3.1.2 server with local passwd DB to GIT version builded with SSL/PAM/LDAP options. I reuse the buildrpm script which generates correctly RPM files.
After installing on EL6 x86_64 server, i update the elogd.conf file according to GIT version doc :
- Authentication = PAM
- Password file = /usr/local/elog/elog_users.pam (new file as i want to keep the old local DB)
- Self register = 3
I add a link for pam module :
$ ll /etc/pam.d/elogd
lrwxrwxrwx 1 root root 11 Jan 24 16:23 /etc/pam.d/elogd -> system-auth
elogd starts well
elogd 3.1.4 built Jan 24 2020, 07:34:02 revision 283534d
Config file : /usr/local/elog/elogd.cfg
Resource dir : /usr/local/elog/
Logbook dir : /usr/local/elog/logbooks/
Falling back to default group "elog"
Falling back to default user "elog"
CKeditor detected
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "convert -version" > /tmp/elog_okY7qv 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/bin/convert -version" > /tmp/elog_xBge3f 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/local/bin/convert -version" > /tmp/elog_GfKWF0 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/opt/local/bin/convert -version" > /tmp/elog_uZtajL 2>&1
ImageMagick NOT detected. Image scaling will not work.
Indexing logbook "logbook1" in "/usr/local/elog/logbooks/logbook1/" ... ok
Indexing logbook "logbook2" in "/usr/local/elog/logbooks/logbook2/" ... ok
Server listening on port 8080 ...
When i try to connect, ELOG login window shows "Invalid user name or password!" .
The logfile (level 9) shows :
24-Jan-2020 16:36:28 [IP] POST /logbook1/ HTTP/1.1
24-Jan-2020 16:36:28 [IP] {MCO} LOGIN user "toto" (attempt)
24-Jan-2020 16:36:28 [IP] {MCO} [PAM] Starting authentication for user toto
24-Jan-2020 16:36:29 [IP] {MCO} [PAM] Authentication not successful for user toto
The problem appears for all Linux users as well.
Does i miss something ?
Thanks for help.
Laurent
| David Wallis wrote: |
|
Hi Christoph,
Thanks for looking into this, if you can enable PAM + File, our users would be very happy!
The pam.d issue is probably related to CentOS/Red Hat, since our PAM expert warned me that it might be necessary.
| Jan Christoph Terasa wrote: |
| David Wallis wrote: |
|
I'm testing the PAM authentication feature, and have a couple questions, a suggestion, and a comment.
First the comment... it was pretty easy to get working, and is exactly what we need here, so thanks! Our PAM stack here is designed to allow logins with Active Directory, LDAP, or local accounts, so the PAM option preserves all of that.
The suggestion: In order to make it work, I had to add a symbolic link in /etc/pam.d:
elogd -> system-auth
That might be considered for addition to the documentation (this was on Red Hat Enterprise Linux 7.7)
The questions:
- The docs indicate that "Self register" must be set to >= 1, but in the code (elogd.c, line 26453), if the PAM module is enabled, Self register is overriden to 0. The result is that no "register as new user" link is displayed on the login screen. Is that the intent?
- Related... can PAM and File authentication both be enabled? We have some logbooks that are used by both internal people (with an A/D account) and outside collaborators that get local elog accounts. This works with LDAP + File, can it work with PAM?
Thanks in advance!
|
David, thank you for reporting on your findings regarding the PAM feature. I will look into the points you mentioned:
0. On my machines (Debian testing and stable) I did not have to add anything to /etc/pam.d, but apparently Debian just uses implicit defaults then, and REHL might insist on using excplicit settings. Adding a hint in the documentation is certainly useful, thank your for the suggestion. Maybe elog should provide a pam.d config file (which can be installed/adapted by package maintainers for various OSes).
1.+2. If I remember correctly, I intentionally disabled registration when using the PAM backend, because users will register using their passwd/LDAP/NIS users, and new users can only be regustered using the appropriate tools for the authentication mechanism used. This might not be correctly reflected in the docs, I will check that. In the light of question 2., I can also re-investigate that policy, so that logins will check against both the elog user database and PAM. Self-registering can then be enabled again, and new registrees will go to the elog database. I will try to bringthe code in line with how LDAP works.
regards,
Christoph
|
|
|
|
|
|
|
2068
|
Fri Nov 10 07:46:27 2006 |
| Stefan Ritt | stefan.ritt@psi.ch | Info | Windows | V2.6.2-175 | Re: Outlook, Outlook Express and Free Webmail have problem with <br /> |
| An Thai wrote: | If users reply an entry, the notification email cannot be displayed correctly in Outlook, Outlook Express and Webmail.
I look at the source code and see <br />. It could be the reason. |
<br /> is XHTML standard and valid code. I do not have this problem in Mozilla Thunderbird. |
| Attachment 1: Capture.gif
|
|
|
2070
|
Fri Nov 10 12:55:38 2006 |
| Steve Jones | steve.jones@freescale.com | Info | Windows | V2.6.2-175 | Re: Outlook, Outlook Express and Free Webmail have problem with <br /> |
| Stefan Ritt wrote: |
| An Thai wrote: | If users reply an entry, the notification email cannot be displayed correctly in Outlook, Outlook Express and Webmail.
I look at the source code and see <br />. It could be the reason. |
<br /> is XHTML standard and valid code. I do not have this problem in Mozilla Thunderbird. |
| Quote: |
I've noticed teh same in Outlook and attribute it to MS' attempt to deal with HTML -- this was not an issue until a recent Outlook upgrade at our company.
The problem is with Outlook and MS' email clients.
|
|
|
681
|
Wed Sep 1 22:25:01 2004 |
 | Steve Jones | steve.jones@freescale.com | Question | Linux | 2.5.3 | Re: Options Items limits | > Hello friends,
>
> Exist some form to increase limits of items (100) in the Options List
>
>
>
> Thanks for any help
I believe only through an edit of the C code and a recompile, as the values
are set as constants. I think this might be the line:
#define MAX_N_LIST 100
So, yes, there exists a way and the ease of this way is dependent upon your
comfort level with changing stefan's code. |
|
686
|
Tue Sep 7 17:49:50 2004 |
 | Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.5.3 | Re: Options Items limits | > > Hello friends,
> >
> > Exist some form to increase limits of items (100) in the Options List
> >
> >
> >
> > Thanks for any help
>
> I believe only through an edit of the C code and a recompile, as the values
> are set as constants. I think this might be the line:
>
> #define MAX_N_LIST 100
>
> So, yes, there exists a way and the ease of this way is dependent upon your
> comfort level with changing stefan's code.
Agree. The only potential problem is that if this value becomes too big, you
will get a stack overflow from time to time. So best is experiment yourself a
bit. A avlue of 150 or so should be no problem.
- Stefan |
|
66193
|
Fri Feb 6 10:58:14 2009 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Windows | 2.7.5 | Re: Options Category : User\Admin |
| Kim Rosmo wrote: |
|
Hi :)
First i have to say that i love this exelent program,
and that it saved me Hours of trouble using it ^^
Thanks Stefan Ritt :)
Now.. here is my problem :P
1. I was wondering if there is a possibility to have separate 'Options Category'.. One for Admin and one for User?
If it is possible, can i have an example?
|
This is unfortunately not possible. All users see the same options.
| Kim Rosmo wrote: |
|
2. How can i arrange pictures in the main window, f.eks 1 picture in center, to the right or wherever i want?
|
You can put the pictures in a table, and align the table cells accordingly. Here is an example:
Now you can make the border invisible by setting "border=0". This however can only be done in the HTML mode, so you have to switch using the top left icon "Show HTML source code" and then manually edit the code. This requires some basic HTML knowledge. The result will look like this:
|
|
66194
|
Fri Feb 6 11:42:40 2009 |
| Kim Rosmo | kiros2@gmail.com | Question | Windows | 2.7.5 | Re: Options Category : User\Admin |
| Stefan Ritt wrote: |
| Kim Rosmo wrote: |
|
Hi :)
First i have to say that i love this exelent program,
and that it saved me Hours of trouble using it ^^
Thanks Stefan Ritt :)
Now.. here is my problem :P
1. I was wondering if there is a possibility to have separate 'Options Category'.. One for Admin and one for User?
If it is possible, can i have an example?
|
This is unfortunately not possible. All users see the same options.
| Kim Rosmo wrote: |
|
2. How can i arrange pictures in the main window, f.eks 1 picture in center, to the right or wherever i want?
|
You can put the pictures in a table, and align the table cells accordingly. Here is an example:
Now you can make the border invisible by setting "border=0". This however can only be done in the HTML mode, so you have to switch using the top left icon "Show HTML source code" and then manually edit the code. This requires some basic HTML knowledge. The result will look like this:
|
Thanks for a fast reply :)
Its a lot of html tutorials on the net, so i think i will make it with the tables ^^
Regarding the 'Options Category' I can live with it... I have removed edit mode in User, so only Admin can delete or edit.
One last question.. Background color possible? (Not Style)
Kim R |
|