| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
66862
|
Wed Jul 28 16:38:07 2010 |
 | Stefan Ritt | stefan.ritt@psi.ch | Bug report | Windows | 2.7.8 | Re: More adventures with SSL |
| Chuck Brost wrote: |
|
Stefan,
Everything has been working great since we last spoke (Version 2.7.8), until InfoSec decided to change how the Certs were created. Now they come with a little bit of code in the .key file before the Hash.. when I put the new .CRT and .KEY in the SSL folder I am asked on starting Elogd to provide a "PEM PassPhrase". As you can expect, if you do not enter one, or the incorrect one, it does not just turn off SSL, it exits the program. The key begins like this in the new versions:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,ACF4A8B263EAA51D
(that little encode piece on the end is not the actual one in the key. I am assuming it is a passphrase key so it will know what the right passphrase is that should be entered.
We are assuming that this is the "Install password" they have set up to use to install the certs on all of the IIS servers we have. If that is indeed the case.. Does elog save this passphrase somewhere? does Elog save it in the registry? does it save it encrypted? Or with access security permissions set on the keys? I have a feeling that the answer to most of this is probably "no", but to know where we go from here, that is the place to start.
Thanks
Chuck
|
The pass phrase should not be stored anywhere for security reasons. Actually ELOG cannot stored it encrypted, because strong encryption is a one-way encryption which cannot be reverted, so ELOG would have to store it in plain text, which is not good. Actually all SSL web servers have this problem. See for example:
http://www.akadia.com/services/ssh_test_certificate.html
In Step 3 they tell you how to remove the pass phrase for Apache. The same holds true for ELOG. |
|
66865
|
Wed Jul 28 17:08:55 2010 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.7.8 | Re: Subst variables and Execute |
| soren poulsen wrote: |
|
There is sometimes a problem with substitutions like "Execute delete = echo $message id".
It seems the problem is that if you delete a logbook entry that is not created with the current logbook attributes, the substitution variables are replaced with the variable name, and not the variable value.
In this example, according to the log file it becomes SHELL "message id" instead of SHELL "234", if the logbook entry is 234.
Soren
|
I tried to reproduce it, but it always worked for me. So I need a step-by-step instruction from you on how to reproduce the problem, ideally starting from the demo logbook from the distribution. Only if I can reproduce the problem, I will be able to fix it. |
|
66871
|
Thu Jul 29 13:45:47 2010 |
| soren poulsen | soren.poulsen@cern.ch | Question | Linux | 2.7.8 | Re: Subst variables and Execute |
| Stefan Ritt wrote: |
|
| soren poulsen wrote: |
|
There is sometimes a problem with substitutions like "Execute delete = echo $message id".
It seems the problem is that if you delete a logbook entry that is not created with the current logbook attributes, the substitution variables are replaced with the variable name, and not the variable value.
In this example, according to the log file it becomes SHELL "message id" instead of SHELL "234", if the logbook entry is 234.
Soren
|
I tried to reproduce it, but it always worked for me. So I need a step-by-step instruction from you on how to reproduce the problem, ideally starting from the demo logbook from the distribution. Only if I can reproduce the problem, I will be able to fix it.
|
It is of course my job to reproduce it (and explain how-to). Thanks for your consideration. |
|
66880
|
Thu Aug 19 22:58:45 2010 |
 | Dennis Seitz | dseitz@berkeley.edu | Bug report | All | 2.7.8 | Elog v2.7.8 does not show substituted attributes while editing or replying |
Since we updated to 2.7.8 we've found a problem.
Previously, when we used
Subst on reply subject = Re: $subject
The new "Re: " text would appear in the "subject" field while the user was editing their reply, and they could edit or delete it.
Since 2.7.8, however, it does not appear while editing, but shows up only after the user submits their entry. We would prefer that this appears while the user is editing, because in some cases we want the users to have the option to modify this text. Was this intentional? Is there a way to restore the previous functionality?
Thank you! |
|
66881
|
Wed Aug 25 02:49:44 2010 |
| Owen LaGarde | olagarde@gmail.com | Question | Linux | 2.7.8 | honor "user" field in the Apache SSL request object or environment variables in SSL process groups? |
Will elog defer user identification and authorization to the ssl engine of a *local* Apache proxy? I'd like to try elog in a site that requires the service port positively authenticate and identify users via smartcard certificate ID. Per SOP they have Apache+mod_ssl setting SSLUserName=SSL_CLIENT_S_DN_CN which sets both the SSL request object's "user" field and the REMOTE_USER environment var relative to the mod_ssl's session's process group leader. Users auth with Apache's mod_ssl as a single-signon replacement for web apps which have traditional native, internal user accounts/passwords, but those passwords are subsumed by the Apache/smartcard/mod_ssl setup. The web apps define internal accounts matching the users' cert IDs but do not allow any management of the [unused] passwords. Can elog do this? |
|
66889
|
Fri Sep 3 14:25:37 2010 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Bug report | All | 2.7.8 | Re: Elog v2.7.8 does not show substituted attributes while editing or replying |
| Dennis Seitz wrote: |
|
Since we updated to 2.7.8 we've found a problem.
Previously, when we used
Subst on reply subject = Re: $subject
The new "Re: " text would appear in the "subject" field while the user was editing their reply, and they could edit or delete it.
Since 2.7.8, however, it does not appear while editing, but shows up only after the user submits their entry. We would prefer that this appears while the user is editing, because in some cases we want the users to have the option to modify this text. Was this intentional? Is there a way to restore the previous functionality?[...]
|
Sorry, that appears to be an undocumented bug fix :-)
The desired behaviour should be created by
Preset on reply subject = Re: $subject
The command "Subst" is supposed to overwrite the field after it is submitted.
From the documentation you will even find a nicer possibility:
Preset on first reply Subject = Re: $Subject
The prevent replies to build a long chain of "Re: Re: Re: ...."
Cheers Andreas |
|
66904
|
Wed Sep 15 01:04:21 2010 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.7.8 | Re: honor "user" field in the Apache SSL request object or environment variables in SSL process groups? |
| Owen LaGarde wrote: |
|
Will elog defer user identification and authorization to the ssl engine of a *local* Apache proxy? I'd like to try elog in a site that requires the service port positively authenticate and identify users via smartcard certificate ID. Per SOP they have Apache+mod_ssl setting SSLUserName=SSL_CLIENT_S_DN_CN which sets both the SSL request object's "user" field and the REMOTE_USER environment var relative to the mod_ssl's session's process group leader. Users auth with Apache's mod_ssl as a single-signon replacement for web apps which have traditional native, internal user accounts/passwords, but those passwords are subsumed by the Apache/smartcard/mod_ssl setup. The web apps define internal accounts matching the users' cert IDs but do not allow any management of the [unused] passwords. Can elog do this?
|
This is not implemented at the moment. |
|
66926
|
Tue Nov 9 19:28:53 2010 |
| harley | h9s@ornl.gov | Question | Mac OSX | 2.7.8 | Execute a python command? |
Is there a way to add a button to the elog interface which would execute a python command? |