| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
69099
|
Fri Jan 31 15:17:04 2020 |
 | Laurent Jean-Rigaud | lollspam@free.fr | Bug report | Linux | 3.14 RPM | Elogd crashes on search | OS: CentOS 7 x86_64 up2date with RPM 3.14 x86_64
- Connexion to ELOG
- open one logbook and click search,
- input "test" and click "Search" : BOOM
- Firefox can not connect anymore on ELOG.
The crash is met with several words now ("test", "post", "4.5", are the one i know). We use a mirror server and the problem appears also on it .
NB: the hangs appears on EL6 x86_64 server with customized RPM built by myself. I retry with 3.14 SRPMS avalaible from ELOG site with same results. Idem with last GIT version. So i tested on EL7 with official RPM x86_64 (not suitable for EL6 as it needs GLIBC_2.14) before to open this ticket.
Terminal traces on server side follows.
[root@localhost /]# /usr/local/sbin/elogd -c /usr/local/elog/elogd.cfg 2>&1
elogd 3.1.4 built Sep 26 2018, 13:14:57 revision 966e3dd
File "/var/run/elogd.pid" exists, using "/var/run/elogd.pid.8080" instead.
Falling back to default group "elog"
Falling back to default user "elog"
CKeditor detected
Falling back to default group "elog"
Falling back to default user "elog"
Falling back to default group "elog"
Falling back to default user "elog"
Falling back to default group "elog"
Falling back to default user "elog"
Falling back to default group "elog"
Falling back to default user "elog"
ImageMagick NOT detected. Image scaling will not work.
Indexing logbooks ... done
Server listening on port 8080 ...
*** Error in `/usr/local/sbin/elogd': free(): invalid next size (normal): 0x0000000001c59310 ***
======= Backtrace: =========
/lib64/libc.so.6(+0x81679)[0x7f45a898f679]
/usr/local/sbin/elogd[0x45e756]
/usr/local/sbin/elogd[0x4824b0]
/usr/local/sbin/elogd[0x4a69b1]
/usr/local/sbin/elogd[0x4a7023]
/usr/local/sbin/elogd[0x4a954a]
/usr/local/sbin/elogd[0x4ac9d3]
/usr/local/sbin/elogd[0x4035a6]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7f45a8930505]
/usr/local/sbin/elogd[0x4044d3]
======= Memory map: ========
00400000-004e3000 r-xp 00000000 fd:00 52822202 /usr/local/sbin/elogd
006e2000-006e3000 r--p 000e2000 fd:00 52822202 /usr/local/sbin/elogd
006e3000-007c4000 rw-p 000e3000 fd:00 52822202 /usr/local/sbin/elogd
007c4000-0173a000 rw-p 00000000 00:00 0
01a66000-01c8f000 rw-p 00000000 00:00 0 [heap]
7f459bdea000-7f459bdff000 r-xp 00000000 fd:00 84 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f459bdff000-7f459bffe000 ---p 00015000 fd:00 84 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f459bffe000-7f459bfff000 r--p 00014000 fd:00 84 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f459bfff000-7f459c000000 rw-p 00015000 fd:00 84 /usr/lib64/libgcc_s-4.8.5-20150702.so.1
7f459c000000-7f459c021000 rw-p 00000000 00:00 0
7f459c021000-7f45a0000000 ---p 00000000 00:00 0
7f45a010c000-7f45a0114000 r-xp 00000000 fd:00 1598592 /usr/lib64/libnss_sss.so.2
7f45a0114000-7f45a0313000 ---p 00008000 fd:00 1598592 /usr/lib64/libnss_sss.so.2
7f45a0313000-7f45a0314000 r--p 00007000 fd:00 1598592 /usr/lib64/libnss_sss.so.2
7f45a0314000-7f45a0315000 rw-p 00008000 fd:00 1598592 /usr/lib64/libnss_sss.so.2
7f45a0315000-7f45a0321000 r-xp 00000000 fd:00 22487 /usr/lib64/libnss_files-2.17.so
7f45a0321000-7f45a0520000 ---p 0000c000 fd:00 22487 /usr/lib64/libnss_files-2.17.so
7f45a0520000-7f45a0521000 r--p 0000b000 fd:00 22487 /usr/lib64/libnss_files-2.17.so
7f45a0521000-7f45a0522000 rw-p 0000c000 fd:00 22487 /usr/lib64/libnss_files-2.17.so
7f45a0522000-7f45a0528000 rw-p 00000000 00:00 0
7f45a0528000-7f45a6a52000 r--p 00000000 fd:00 50336362 /usr/lib/locale/locale-archive
7f45a6a52000-7f45a6ab2000 r-xp 00000000 fd:00 22554 /usr/lib64/libpcre.so.1.2.0
7f45a6ab2000-7f45a6cb2000 ---p 00060000 fd:00 22554 /usr/lib64/libpcre.so.1.2.0
7f45a6cb2000-7f45a6cb3000 r--p 00060000 fd:00 22554 /usr/lib64/libpcre.so.1.2.0
7f45a6cb3000-7f45a6cb4000 rw-p 00061000 fd:00 22554 /usr/lib64/libpcre.so.1.2.0
7f45a6cb4000-7f45a6cd8000 r-xp 00000000 fd:00 40935 /usr/lib64/libselinux.so.1
7f45a6cd8000-7f45a6ed7000 ---p 00024000 fd:00 40935 /usr/lib64/libselinux.so.1
7f45a6ed7000-7f45a6ed8000 r--p 00023000 fd:00 40935 /usr/lib64/libselinux.so.1
7f45a6ed8000-7f45a6ed9000 rw-p 00024000 fd:00 40935 /usr/lib64/libselinux.so.1
7f45a6ed9000-7f45a6edb000 rw-p 00000000 00:00 0
7f45a6edb000-7f45a6ef2000 r-xp 00000000 fd:00 22495 /usr/lib64/libpthread-2.17.so
7f45a6ef2000-7f45a70f1000 ---p 00017000 fd:00 22495 /usr/lib64/libpthread-2.17.so
7f45a70f1000-7f45a70f2000 r--p 00016000 fd:00 22495 /usr/lib64/libpthread-2.17.so
7f45a70f2000-7f45a70f3000 rw-p 00017000 fd:00 22495 /usr/lib64/libpthread-2.17.so
7f45a70f3000-7f45a70f7000 rw-p 00000000 00:00 0
7f45a70f7000-7f45a710d000 r-xp 00000000 fd:00 22497 /usr/lib64/libresolv-2.17.so
7f45a710d000-7f45a730c000 ---p 00016000 fd:00 22497 /usr/lib64/libresolv-2.17.so
7f45a730c000-7f45a730d000 r--p 00015000 fd:00 22497 /usr/lib64/libresolv-2.17.so
7f45a730d000-7f45a730e000 rw-p 00016000 fd:00 22497 /usr/lib64/libresolv-2.17.so
7f45a730e000-7f45a7310000 rw-p 00000000 00:00 0
7f45a7310000-7f45a7313000 r-xp 00000000 fd:00 62649 /usr/lib64/libkeyutils.so.1.5
7f45a7313000-7f45a7512000 ---p 00003000 fd:00 62649 /usr/lib64/libkeyutils.so.1.5
7f45a7512000-7f45a7513000 r--p 00002000 fd:00 62649 /usr/lib64/libkeyutils.so.1.5
7f45a7513000-7f45a7514000 rw-p 00003000 fd:00 62649 /usr/lib64/libkeyutils.so.1.5
7f45a7514000-7f45a7522000 r-xp 00000000 fd:00 321861 /usr/lib64/libkrb5support.so.0.1
7f45a7522000-7f45a7722000 ---p 0000e000 fd:00 321861 /usr/lib64/libkrb5support.so.0.1
7f45a7722000-7f45a7723000 r--p 0000e000 fd:00 321861 /usr/lib64/libkrb5support.so.0.1
7f45a7723000-7f45a7724000 rw-p 0000f000 fd:00 321861 /usr/lib64/libkrb5support.so.0.1
7f45a7724000-7f45a7739000 r-xp 00000000 fd:00 40937 /usr/lib64/libz.so.1.2.7
7f45a7739000-7f45a7938000 ---p 00015000 fd:00 40937 /usr/lib64/libz.so.1.2.7
7f45a7938000-7f45a7939000 r--p 00014000 fd:00 40937 /usr/lib64/libz.so.1.2.7
7f45a7939000-7f45a793a000 rw-p 00015000 fd:00 40937 /usr/lib64/libz.so.1.2.7
7f45a793a000-7f45a793c000 r-xp 00000000 fd:00 22475 /usr/lib64/libdl-2.17.so
7f45a793c000-7f45a7b3c000 ---p 00002000 fd:00 22475 /usr/lib64/libdl-2.17.so
7f45a7b3c000-7f45a7b3d000 r--p 00002000 fd:00 22475 /usr/lib64/libdl-2.17.so
7f45a7b3d000-7f45a7b3e000 rw-p 00003000 fd:00 22475 /usr/lib64/libdl-2.17.so
7f45a7b3e000-7f45a7d74000 r-xp 00000000 fd:00 303887 /usr/lib64/libcrypto.so.1.0.2k
7f45a7d74000-7f45a7f74000 ---p 00236000 fd:00 303887 /usr/lib64/libcrypto.so.1.0.2k
7f45a7f74000-7f45a7f90000 r--p 00236000 fd:00 303887 /usr/lib64/libcrypto.so.1.0.2k
7f45a7f90000-7f45a7f9d000 rw-p 00252000 fd:00 303887 /usr/lib64/libcrypto.so.1.0.2k
7f45a7f9d000-7f45a7fa1000 rw-p 00000000 00:00 0
7f45a7fa1000-7f45a7fd2000 r-xp 00000000 fd:00 321856 /usr/lib64/libk5crypto.so.3.1
Abandon [sorry, French locale]
Logbook contains 445 entries (shown in ELOG window), 384 files and 4 folders (2017 to 2020).
Thanks for help as i start to be annoying to unuse search function.
|
|
69096
|
Mon Jan 27 08:46:39 2020 |
 | Sara Vanini | vanini.sara@gmail.com | Question | Linux | Windows | 3.1.3 | Re: local usage on windows + Linux virtual machine | Thanks John. I found the linux IP address with ifconfig, type it on my windows machine with the port number, but it doesn't work, the error is "website not found"... what else could I try?
Regards
Sara
| John wrote: |
|
Elog does not access the outside world by default. With the VM I suppose just access it via the Linux local ip address (and port).
| Sara Vanini wrote: |
|
Hello again,
I love to use elog, but I don't need any other accessing it for the moment. So, it is possible to run elog locally on my PC, and make it not accessible from outside?
Moreover, I installed elog on a linux virtual machine running with Virtual Box on Windows 10. Is it possible to open/edit my elog both from the linux VM and from the Windows system? without any accessibility from outside my PC?
Many many thanks
Sara
|
|
|
|
69095
|
Fri Jan 24 21:50:37 2020 |
| Ehab Fanous | efanous@lh.ca | Request | Windows | 3.1.4 | Re: HTML editor tools grayed out | We just tested eLog and it works in Chrome but not in IE .. Is it a setting issue that we need to chnage on IE ?!
| Stefan Ritt wrote: |
|
This typically happens if you update only the executabe and not the full directory tree with the ELOG JavaScript files.
/Stefan
| Ehab Fanous wrote: |
|
After we upgarde to eLog 3.1.4 ... The HTML editor tools are grayed out and you can't paste any images in the body of the log like I did below.. Any help will be much appreciated..
|
|
|
|
69094
|
Fri Jan 24 21:04:51 2020 |
| John | secondcomingtechnologies@fastmail.com | Question | Linux | Windows | 3.1.3 | Re: local usage on windows + Linux virtual machine | Elog does not access the outside world by default. With the VM I suppose just access it via the Linux local ip address (and port).
| Sara Vanini wrote: |
|
Hello again,
I love to use elog, but I don't need any other accessing it for the moment. So, it is possible to run elog locally on my PC, and make it not accessible from outside?
Moreover, I installed elog on a linux virtual machine running with Virtual Box on Windows 10. Is it possible to open/edit my elog both from the linux VM and from the Windows system? without any accessibility from outside my PC?
Many many thanks
Sara
|
|
|
69093
|
Fri Jan 24 18:22:52 2020 |
| Laurent Jean-Rigaud | lollspam@free.fr | Question | Linux | V3.1.4-283534d | Re: PAM authentication question | Hi,
Before le pam module link, yes.
After adding it, I wait some seconds before new login window popups with password error message.
| Jan Christoph Terasa wrote: |
|
Hi Laurent,
does the ELOG server show the window immediately before even showing the login mask?
Christoph
| Laurent Jean-Rigaud wrote: |
|
Hi,
First, thanks to ELOG tool !
I'm trying to swicth a ELOG 3.1.2 server with local passwd DB to GIT version builded with SSL/PAM/LDAP options. I reuse the buildrpm script which generates correctly RPM files.
After installing on EL6 x86_64 server, i update the elogd.conf file according to GIT version doc :
- Authentication = PAM
- Password file = /usr/local/elog/elog_users.pam (new file as i want to keep the old local DB)
- Self register = 3
I add a link for pam module :
$ ll /etc/pam.d/elogd
lrwxrwxrwx 1 root root 11 Jan 24 16:23 /etc/pam.d/elogd -> system-auth
elogd starts well
elogd 3.1.4 built Jan 24 2020, 07:34:02 revision 283534d
Config file : /usr/local/elog/elogd.cfg
Resource dir : /usr/local/elog/
Logbook dir : /usr/local/elog/logbooks/
Falling back to default group "elog"
Falling back to default user "elog"
CKeditor detected
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "convert -version" > /tmp/elog_okY7qv 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/bin/convert -version" > /tmp/elog_xBge3f 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/local/bin/convert -version" > /tmp/elog_GfKWF0 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/opt/local/bin/convert -version" > /tmp/elog_uZtajL 2>&1
ImageMagick NOT detected. Image scaling will not work.
Indexing logbook "logbook1" in "/usr/local/elog/logbooks/logbook1/" ... ok
Indexing logbook "logbook2" in "/usr/local/elog/logbooks/logbook2/" ... ok
Server listening on port 8080 ...
When i try to connect, ELOG login window shows "Invalid user name or password!" .
The logfile (level 9) shows :
24-Jan-2020 16:36:28 [IP] POST /logbook1/ HTTP/1.1
24-Jan-2020 16:36:28 [IP] {MCO} LOGIN user "toto" (attempt)
24-Jan-2020 16:36:28 [IP] {MCO} [PAM] Starting authentication for user toto
24-Jan-2020 16:36:29 [IP] {MCO} [PAM] Authentication not successful for user toto
The problem appears for all Linux users as well.
Does i miss something ?
Thanks for help.
Laurent
| David Wallis wrote: |
|
Hi Christoph,
Thanks for looking into this, if you can enable PAM + File, our users would be very happy!
The pam.d issue is probably related to CentOS/Red Hat, since our PAM expert warned me that it might be necessary.
| Jan Christoph Terasa wrote: |
| David Wallis wrote: |
|
I'm testing the PAM authentication feature, and have a couple questions, a suggestion, and a comment.
First the comment... it was pretty easy to get working, and is exactly what we need here, so thanks! Our PAM stack here is designed to allow logins with Active Directory, LDAP, or local accounts, so the PAM option preserves all of that.
The suggestion: In order to make it work, I had to add a symbolic link in /etc/pam.d:
elogd -> system-auth
That might be considered for addition to the documentation (this was on Red Hat Enterprise Linux 7.7)
The questions:
- The docs indicate that "Self register" must be set to >= 1, but in the code (elogd.c, line 26453), if the PAM module is enabled, Self register is overriden to 0. The result is that no "register as new user" link is displayed on the login screen. Is that the intent?
- Related... can PAM and File authentication both be enabled? We have some logbooks that are used by both internal people (with an A/D account) and outside collaborators that get local elog accounts. This works with LDAP + File, can it work with PAM?
Thanks in advance!
|
David, thank you for reporting on your findings regarding the PAM feature. I will look into the points you mentioned:
0. On my machines (Debian testing and stable) I did not have to add anything to /etc/pam.d, but apparently Debian just uses implicit defaults then, and REHL might insist on using excplicit settings. Adding a hint in the documentation is certainly useful, thank your for the suggestion. Maybe elog should provide a pam.d config file (which can be installed/adapted by package maintainers for various OSes).
1.+2. If I remember correctly, I intentionally disabled registration when using the PAM backend, because users will register using their passwd/LDAP/NIS users, and new users can only be regustered using the appropriate tools for the authentication mechanism used. This might not be correctly reflected in the docs, I will check that. In the light of question 2., I can also re-investigate that policy, so that logins will check against both the elog user database and PAM. Self-registering can then be enabled again, and new registrees will go to the elog database. I will try to bringthe code in line with how LDAP works.
regards,
Christoph
|
|
|
|
|
|
69092
|
Fri Jan 24 18:13:03 2020 |
| Jan Christoph Terasa | terasa@physik.uni-kiel.de | Question | Linux | V3.1.4-283534d | Re: PAM authentication question | Hi Laurent,
does the ELOG server show the window immediately before even showing the login mask?
Christoph
| Laurent Jean-Rigaud wrote: |
|
Hi,
First, thanks to ELOG tool !
I'm trying to swicth a ELOG 3.1.2 server with local passwd DB to GIT version builded with SSL/PAM/LDAP options. I reuse the buildrpm script which generates correctly RPM files.
After installing on EL6 x86_64 server, i update the elogd.conf file according to GIT version doc :
- Authentication = PAM
- Password file = /usr/local/elog/elog_users.pam (new file as i want to keep the old local DB)
- Self register = 3
I add a link for pam module :
$ ll /etc/pam.d/elogd
lrwxrwxrwx 1 root root 11 Jan 24 16:23 /etc/pam.d/elogd -> system-auth
elogd starts well
elogd 3.1.4 built Jan 24 2020, 07:34:02 revision 283534d
Config file : /usr/local/elog/elogd.cfg
Resource dir : /usr/local/elog/
Logbook dir : /usr/local/elog/logbooks/
Falling back to default group "elog"
Falling back to default user "elog"
CKeditor detected
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "convert -version" > /tmp/elog_okY7qv 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/bin/convert -version" > /tmp/elog_xBge3f 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/local/bin/convert -version" > /tmp/elog_GfKWF0 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/opt/local/bin/convert -version" > /tmp/elog_uZtajL 2>&1
ImageMagick NOT detected. Image scaling will not work.
Indexing logbook "logbook1" in "/usr/local/elog/logbooks/logbook1/" ... ok
Indexing logbook "logbook2" in "/usr/local/elog/logbooks/logbook2/" ... ok
Server listening on port 8080 ...
When i try to connect, ELOG login window shows "Invalid user name or password!" .
The logfile (level 9) shows :
24-Jan-2020 16:36:28 [IP] POST /logbook1/ HTTP/1.1
24-Jan-2020 16:36:28 [IP] {MCO} LOGIN user "toto" (attempt)
24-Jan-2020 16:36:28 [IP] {MCO} [PAM] Starting authentication for user toto
24-Jan-2020 16:36:29 [IP] {MCO} [PAM] Authentication not successful for user toto
The problem appears for all Linux users as well.
Does i miss something ?
Thanks for help.
Laurent
| David Wallis wrote: |
|
Hi Christoph,
Thanks for looking into this, if you can enable PAM + File, our users would be very happy!
The pam.d issue is probably related to CentOS/Red Hat, since our PAM expert warned me that it might be necessary.
| Jan Christoph Terasa wrote: |
| David Wallis wrote: |
|
I'm testing the PAM authentication feature, and have a couple questions, a suggestion, and a comment.
First the comment... it was pretty easy to get working, and is exactly what we need here, so thanks! Our PAM stack here is designed to allow logins with Active Directory, LDAP, or local accounts, so the PAM option preserves all of that.
The suggestion: In order to make it work, I had to add a symbolic link in /etc/pam.d:
elogd -> system-auth
That might be considered for addition to the documentation (this was on Red Hat Enterprise Linux 7.7)
The questions:
- The docs indicate that "Self register" must be set to >= 1, but in the code (elogd.c, line 26453), if the PAM module is enabled, Self register is overriden to 0. The result is that no "register as new user" link is displayed on the login screen. Is that the intent?
- Related... can PAM and File authentication both be enabled? We have some logbooks that are used by both internal people (with an A/D account) and outside collaborators that get local elog accounts. This works with LDAP + File, can it work with PAM?
Thanks in advance!
|
David, thank you for reporting on your findings regarding the PAM feature. I will look into the points you mentioned:
0. On my machines (Debian testing and stable) I did not have to add anything to /etc/pam.d, but apparently Debian just uses implicit defaults then, and REHL might insist on using excplicit settings. Adding a hint in the documentation is certainly useful, thank your for the suggestion. Maybe elog should provide a pam.d config file (which can be installed/adapted by package maintainers for various OSes).
1.+2. If I remember correctly, I intentionally disabled registration when using the PAM backend, because users will register using their passwd/LDAP/NIS users, and new users can only be regustered using the appropriate tools for the authentication mechanism used. This might not be correctly reflected in the docs, I will check that. In the light of question 2., I can also re-investigate that policy, so that logins will check against both the elog user database and PAM. Self-registering can then be enabled again, and new registrees will go to the elog database. I will try to bringthe code in line with how LDAP works.
regards,
Christoph
|
|
|
|
|
69091
|
Fri Jan 24 17:33:14 2020 |
| Laurent Jean-Rigaud | lollspam@free.fr | Question | Linux | V3.1.4-283534d | Re: PAM authentication question | Hi,
First, thanks to ELOG tool !
I'm trying to swicth a ELOG 3.1.2 server with local passwd DB to GIT version builded with SSL/PAM/LDAP options. I reuse the buildrpm script which generates correctly RPM files.
After installing on EL6 x86_64 server, i update the elogd.conf file according to GIT version doc :
- Authentication = PAM
- Password file = /usr/local/elog/elog_users.pam (new file as i want to keep the old local DB)
- Self register = 3
I add a link for pam module :
$ ll /etc/pam.d/elogd
lrwxrwxrwx 1 root root 11 Jan 24 16:23 /etc/pam.d/elogd -> system-auth
elogd starts well
elogd 3.1.4 built Jan 24 2020, 07:34:02 revision 283534d
Config file : /usr/local/elog/elogd.cfg
Resource dir : /usr/local/elog/
Logbook dir : /usr/local/elog/logbooks/
Falling back to default group "elog"
Falling back to default user "elog"
CKeditor detected
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "convert -version" > /tmp/elog_okY7qv 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/bin/convert -version" > /tmp/elog_xBge3f 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/usr/local/bin/convert -version" > /tmp/elog_GfKWF0 2>&1
Falling back to default group "elog"
Falling back to default user "elog"
Going to execute: /bin/sh -c "/opt/local/bin/convert -version" > /tmp/elog_uZtajL 2>&1
ImageMagick NOT detected. Image scaling will not work.
Indexing logbook "logbook1" in "/usr/local/elog/logbooks/logbook1/" ... ok
Indexing logbook "logbook2" in "/usr/local/elog/logbooks/logbook2/" ... ok
Server listening on port 8080 ...
When i try to connect, ELOG login window shows "Invalid user name or password!" .
The logfile (level 9) shows :
24-Jan-2020 16:36:28 [IP] POST /logbook1/ HTTP/1.1
24-Jan-2020 16:36:28 [IP] {MCO} LOGIN user "toto" (attempt)
24-Jan-2020 16:36:28 [IP] {MCO} [PAM] Starting authentication for user toto
24-Jan-2020 16:36:29 [IP] {MCO} [PAM] Authentication not successful for user toto
The problem appears for all Linux users as well.
Does i miss something ?
Thanks for help.
Laurent
| David Wallis wrote: |
|
Hi Christoph,
Thanks for looking into this, if you can enable PAM + File, our users would be very happy!
The pam.d issue is probably related to CentOS/Red Hat, since our PAM expert warned me that it might be necessary.
| Jan Christoph Terasa wrote: |
| David Wallis wrote: |
|
I'm testing the PAM authentication feature, and have a couple questions, a suggestion, and a comment.
First the comment... it was pretty easy to get working, and is exactly what we need here, so thanks! Our PAM stack here is designed to allow logins with Active Directory, LDAP, or local accounts, so the PAM option preserves all of that.
The suggestion: In order to make it work, I had to add a symbolic link in /etc/pam.d:
elogd -> system-auth
That might be considered for addition to the documentation (this was on Red Hat Enterprise Linux 7.7)
The questions:
- The docs indicate that "Self register" must be set to >= 1, but in the code (elogd.c, line 26453), if the PAM module is enabled, Self register is overriden to 0. The result is that no "register as new user" link is displayed on the login screen. Is that the intent?
- Related... can PAM and File authentication both be enabled? We have some logbooks that are used by both internal people (with an A/D account) and outside collaborators that get local elog accounts. This works with LDAP + File, can it work with PAM?
Thanks in advance!
|
David, thank you for reporting on your findings regarding the PAM feature. I will look into the points you mentioned:
0. On my machines (Debian testing and stable) I did not have to add anything to /etc/pam.d, but apparently Debian just uses implicit defaults then, and REHL might insist on using excplicit settings. Adding a hint in the documentation is certainly useful, thank your for the suggestion. Maybe elog should provide a pam.d config file (which can be installed/adapted by package maintainers for various OSes).
1.+2. If I remember correctly, I intentionally disabled registration when using the PAM backend, because users will register using their passwd/LDAP/NIS users, and new users can only be regustered using the appropriate tools for the authentication mechanism used. This might not be correctly reflected in the docs, I will check that. In the light of question 2., I can also re-investigate that policy, so that logins will check against both the elog user database and PAM. Self-registering can then be enabled again, and new registrees will go to the elog database. I will try to bringthe code in line with how LDAP works.
regards,
Christoph
|
|
|
|
69090
|
Fri Jan 24 14:56:56 2020 |
 | Sara Vanini | vanini.sara@gmail.com | Question | Linux | Windows | 3.1.3 | local usage on windows + Linux virtual machine | Hello again,
I love to use elog, but I don't need any other accessing it for the moment. So, it is possible to run elog locally on my PC, and make it not accessible from outside?
Moreover, I installed elog on a linux virtual machine running with Virtual Box on Windows 10. Is it possible to open/edit my elog both from the linux VM and from the Windows system? without any accessibility from outside my PC?
Many many thanks
Sara |
|