| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
68700
|
Sat Nov 18 19:36:57 2017 |
 | Andreas Luedeke | andreas.luedeke@psi.ch | Question | Linux | 3.1.2-bd7 | Re: hosts allow | Hi Susan,
according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
Hosts allow = <list>Hosts deny = <list>
These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:
- Access will be granted when a host matches a pattern in "hosts allow".
- Otherwise, access will be denied when a host matches a pattern in "hosts deny".
- Otherwise, access will be granted.
These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.
| Susan James wrote: |
|
I'm trying to wrap our elog instance to our company domain which is lbl.gov
I add this entry below (without quotes) to elogd.cfg and it's not working. the world can see our logbooks
" Hosts Allow = *.lbl.gov ".
can someone help?
|
|
|
68701
|
Tue Nov 21 01:27:06 2017 |
| Susan James | sjames@lbl.gov | Question | Linux | 3.1.2-bd7 | Re: hosts allow | thanks for your quick reply.
the configuration is still not working. See my entry below which denies everyone.
I've tried many different combinations of 'hosts allow and hosts deny'
we want to restrict all our logbooks to only domain lbl.gov
[ below denies ALL ]
Hosts allow = .lbl.gov
Hosts deny = ALL
[ below denies ALL ]
Hosts deny = ALL
Hosts allow = .lbl.gov
Can you help?
| Andreas Luedeke wrote: |
|
Hi Susan,
according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
Hosts allow = <list>Hosts deny = <list>
These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:
- Access will be granted when a host matches a pattern in "hosts allow".
- Otherwise, access will be denied when a host matches a pattern in "hosts deny".
- Otherwise, access will be granted.
These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.
| Susan James wrote: |
|
I'm trying to wrap our elog instance to our company domain which is lbl.gov
I add this entry below (without quotes) to elogd.cfg and it's not working. the world can see our logbooks
" Hosts Allow = *.lbl.gov ".
can someone help?
|
|
|
|
68710
|
Thu Dec 7 21:54:58 2017 |
| Susan James | sjames@lbl.gov | Question | Linux | 3.1.2-bd7 | Re: hosts allow | Hi All,
We're still having trouble with hosts.allow and hosts.deny.
We're trying to allow all of our domain lbl.gov to the access list
for our logbooks. But the combination below is not working.
==========================
[ below denies ALL ]
Hosts allow = .lbl.gov
Hosts deny = ALL
[ below denies ALL ]
Hosts deny = ALL
Hosts allow = .lbl.gov
========================
Can someone help?
| Susan James wrote: |
|
thanks for your quick reply.
the configuration is still not working. See my entry below which denies everyone.
I've tried many different combinations of 'hosts allow and hosts deny'
we want to restrict all our logbooks to only domain lbl.gov
[ below denies ALL ]
Hosts allow = .lbl.gov
Hosts deny = ALL
[ below denies ALL ]
Hosts deny = ALL
Hosts allow = .lbl.gov
Can you help?
| Andreas Luedeke wrote: |
|
Hi Susan,
according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
Hosts allow = <list>Hosts deny = <list>
These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:
- Access will be granted when a host matches a pattern in "hosts allow".
- Otherwise, access will be denied when a host matches a pattern in "hosts deny".
- Otherwise, access will be granted.
These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.
| Susan James wrote: |
|
I'm trying to wrap our elog instance to our company domain which is lbl.gov
I add this entry below (without quotes) to elogd.cfg and it's not working. the world can see our logbooks
" Hosts Allow = *.lbl.gov ".
can someone help?
|
|
|
|
|
68711
|
Fri Dec 8 19:47:04 2017 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Question | Linux | 3.1.2-bd7 | Re: hosts allow | Hi Susan,
the documentation states that you should start elogd with the -v option from the command line and look at the output. Did you try this?
You might post the output here to get further help.
Cheers
Andreas
| Susan James wrote: |
|
Hi All,
We're still having trouble with hosts.allow and hosts.deny.
We're trying to allow all of our domain lbl.gov to the access list
for our logbooks. But the combination below is not working.
==========================
[ below denies ALL ]
Hosts allow = .lbl.gov
Hosts deny = ALL
[ below denies ALL ]
Hosts deny = ALL
Hosts allow = .lbl.gov
========================
Can someone help?
| Susan James wrote: |
|
thanks for your quick reply.
the configuration is still not working. See my entry below which denies everyone.
I've tried many different combinations of 'hosts allow and hosts deny'
we want to restrict all our logbooks to only domain lbl.gov
[ below denies ALL ]
Hosts allow = .lbl.gov
Hosts deny = ALL
[ below denies ALL ]
Hosts deny = ALL
Hosts allow = .lbl.gov
Can you help?
| Andreas Luedeke wrote: |
|
Hi Susan,
according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
Hosts allow = <list>Hosts deny = <list>
These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:
- Access will be granted when a host matches a pattern in "hosts allow".
- Otherwise, access will be denied when a host matches a pattern in "hosts deny".
- Otherwise, access will be granted.
These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.
| Susan James wrote: |
|
I'm trying to wrap our elog instance to our company domain which is lbl.gov
I add this entry below (without quotes) to elogd.cfg and it's not working. the world can see our logbooks
" Hosts Allow = *.lbl.gov ".
can someone help?
|
|
|
|
|
|
68712
|
Mon Dec 11 13:16:32 2017 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 3.1.2-bd7 | Re: hosts allow | Have you set
Resolve host names = 1
in the config file? If it still does not work, run "elogd -v" from the terminal and watch the output. You should see someting like:
Remote host "mpc1865.psi.ch" matches "ALL" in "Hosts deny". Access denied.
Remote host "mpc1865.psi.ch" matches ".lbl.gov" in "Hosts allow". Access granted.
Regards,
Stefan
| Andreas Luedeke wrote: |
|
Hi Susan,
the documentation states that you should start elogd with the -v option from the command line and look at the output. Did you try this?
You might post the output here to get further help.
Cheers
Andreas
| Susan James wrote: |
|
Hi All,
We're still having trouble with hosts.allow and hosts.deny.
We're trying to allow all of our domain lbl.gov to the access list
for our logbooks. But the combination below is not working.
==========================
[ below denies ALL ]
Hosts allow = .lbl.gov
Hosts deny = ALL
[ below denies ALL ]
Hosts deny = ALL
Hosts allow = .lbl.gov
========================
Can someone help?
| Susan James wrote: |
|
thanks for your quick reply.
the configuration is still not working. See my entry below which denies everyone.
I've tried many different combinations of 'hosts allow and hosts deny'
we want to restrict all our logbooks to only domain lbl.gov
[ below denies ALL ]
Hosts allow = .lbl.gov
Hosts deny = ALL
[ below denies ALL ]
Hosts deny = ALL
Hosts allow = .lbl.gov
Can you help?
| Andreas Luedeke wrote: |
|
Hi Susan,
according to the documentation you need to add "Hosts deny = All" in addition to the "Hosts allow" command.
Here is the relevant excerpt from the documentation (https://midas.psi.ch/elog/config.html#access).
Cheers
Andreas
Hosts allow = <list>Hosts deny = <list>
These two settings can be used to restrict the access to the logbook to certain computers. It is similar to the UNIX hosts.allow and hosts.deny files. The list can consist of individual host names or IP numbers, subnet masks like 123.213. (note the trailing '.') or .mit.edu, or the word All. The following rules are applied:
- Access will be granted when a host matches a pattern in "hosts allow".
- Otherwise, access will be denied when a host matches a pattern in "hosts deny".
- Otherwise, access will be granted.
These rules are applied before any password is checked. To debug problems, start elogd with the "-v" flag, in which case the rule checking is printed on the screen.
| Susan James wrote: |
|
I'm trying to wrap our elog instance to our company domain which is lbl.gov
I add this entry below (without quotes) to elogd.cfg and it's not working. the world can see our logbooks
" Hosts Allow = *.lbl.gov ".
can someone help?
|
|
|
|
|
|
|
66904
|
Wed Sep 15 01:04:21 2010 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | Linux | 2.7.8 | Re: honor "user" field in the Apache SSL request object or environment variables in SSL process groups? |
| Owen LaGarde wrote: |
|
Will elog defer user identification and authorization to the ssl engine of a *local* Apache proxy? I'd like to try elog in a site that requires the service port positively authenticate and identify users via smartcard certificate ID. Per SOP they have Apache+mod_ssl setting SSLUserName=SSL_CLIENT_S_DN_CN which sets both the SSL request object's "user" field and the REMOTE_USER environment var relative to the mod_ssl's session's process group leader. Users auth with Apache's mod_ssl as a single-signon replacement for web apps which have traditional native, internal user accounts/passwords, but those passwords are subsumed by the Apache/smartcard/mod_ssl setup. The web apps define internal accounts matching the users' cert IDs but do not allow any management of the [unused] passwords. Can elog do this?
|
This is not implemented at the moment. |
|
1288
|
Wed Jul 20 23:24:59 2005 |
| Stefan Ritt | stefan.ritt@psi.ch | Request | Linux | V2.6.0 | Re: hide attributes when view the logbook |
| Juliana Peng wrote: | | but it seems only effective when adding the new entry. All the attributes will show in logbook. Is there a way to hide some of the attributes? It would be good to let each user to choose what to see what not to see, create their own view. Can you put it on your to-do list or wishlist? |
I implemented your request and committed to CVS. Please test if it does what you want, since I did not have much time to test it. |
|
1298
|
Fri Jul 22 17:21:15 2005 |
| Juliana Peng | jpeng@yorku.ca | Request | Linux | V2.6.0 | Re: hide attributes when view the logbook |
| Stefan Ritt wrote: |
| Juliana Peng wrote: | | but it seems only effective when adding the new entry. All the attributes will show in logbook. Is there a way to hide some of the attributes? It would be good to let each user to choose what to see what not to see, create their own view. Can you put it on your to-do list or wishlist? |
I implemented your request and committed to CVS. Please test if it does what you want, since I did not have much time to test it. |
Thanks so much. But the new feature seems not working. If my conf is:
Options OS = SunOs{1}, Linux{2}, Aix
{1} Show Attributes = Name, SysAdmin, OS, Manufacturer, Model, Serial Number, Description
When I choose linux OS, is it supposed to get only the attributes in "Show Attributes"? All the attributes show up. Or you implemented it in other way? |
|