Discussion forum about ELOG, Page 201 of 796

ID | Date | Icon | Author | Author Email | Category | OS | ELOG Version | Subject
1648 | Fri Feb 3 18:15:47 2006 | Question | Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Question | Linux | 2.6.1 | elog allows me to create user "blahblah "
Hi,

I noticed that when I register a username that contains whitespace (e.g. "boing "), elog allows me to create the user of that name and updates the password file accordingly. It doesn't log me in, but it gives me no error message either. I also found that if I repeat the process it adds yet another entry in the password file, by the same name "boing ". Is that a bug or is there something wrong with my configuration?

Cheers,
Dimitris
1649 | Fri Feb 3 18:25:32 2006 | Reply | Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Question | Linux | 2.6.1 | Re: elog allows me to create user "blahblah "
By the way, it is also possible to create a user that doesn't have a password! Shouldn't that be forbidden?

Dimitris
1654 | Mon Feb 6 16:27:45 2006 | Reply | Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Request | Linux | 2.6.1 | Re: elog allows me to create user "blahblah "

Stefan Ritt wrote:
> Dimitrios Tsirigkas wrote:
> > By the way, it is also possible to create a user that doesn't have a password! Shouldn't that be forbidden?
>
> Well, some people want that!


Ok, fair enough. But maybe there could be an optional flag in the configuration that disables blank passwords... I wouldn't want some imposter to start entering stuff under the username of another user, so it would be nice if I could have some way of forcing them to have a password, even if it's a one-letter password.

Thanks,

Dimitris
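The three registration problems raised in this thread (a name with a trailing blank stored silently, a second entry under the same name, and blank passwords) can be caught at registration time. This is an added example, not ELOG's code; the enum names, the `require_password` flag and the `existing_users` list are constructed for illustration.

```c
/* Added example, not ELOG's code: registration checks for the problems
 * discussed above. A name like "boing " is rejected instead of being
 * written to the password file, a second registration of an existing
 * name is refused, and an optional flag forbids blank passwords.
 * Enum names and the require_password flag are hypothetical. */
#include <ctype.h>
#include <string.h>
#include <strings.h>

enum reg_result {
    REG_OK = 0,
    REG_EMPTY_NAME,      /* name is empty */
    REG_WHITESPACE,      /* name contains space, tab, newline, ... */
    REG_DUPLICATE,       /* name already present in the password file */
    REG_BLANK_PASSWORD   /* empty password while one is required */
};

/* Constructed stand-in for the names already in the password file. */
static const char *const existing_users[] = { "dimitris", "stefan" };

enum reg_result validate_new_user(const char *name, const char *password,
                                  const char *const *users, size_t nusers,
                                  int require_password)
{
    size_t i;
    if (name == NULL || name[0] == '\0')
        return REG_EMPTY_NAME;

    /* Whitespace anywhere in the name is refused, so "boing " and
     * "boing" can never end up as two distinct entries. */
    for (i = 0; name[i] != '\0'; i++)
        if (isspace((unsigned char)name[i]))
            return REG_WHITESPACE;

    /* Duplicate check is case-insensitive (a stricter choice than a
     * byte-wise compare) so "Dimitris" cannot shadow "dimitris". */
    for (i = 0; i < nusers; i++)
        if (strcasecmp(name, users[i]) == 0)
            return REG_DUPLICATE;

    /* The optional "no blank passwords" switch requested in the thread. */
    if (require_password && (password == NULL || password[0] == '\0'))
        return REG_BLANK_PASSWORD;

    return REG_OK;
}
```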
1672 | Thu Feb 9 14:15:54 2006 | Entry | Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Info | | | Posting without logging in!
Hi all! This is an HTTP POST request submitted from the command line using curl, and providing no authentication information. If I can post as myself using this command, then shouldn't something be done about this? Cheers, Dimitris
1677 | Fri Feb 10 16:16:11 2006 | Reply | Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Info | | | Re: Posting without logging in!

Stefan Ritt wrote:
> Yes indeed. I fixed that in SVN revision 1655. I upgraded this server so you can try again if it works.

Just tried it, it's fixed :-)
Dimitris
1688 | Tue Feb 14 12:57:37 2006 | Question | Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Question | Linux | 2.6.1 | Accessing elog through two apache servers...
Hello,

We have elogd running on a PC, say cmsdaqpreseries, that also runs an Apache server, and we've made sure that it's only accessible through the Apache server, like so:

http://cmsdaqpreseries.cern.ch/elog/

This works fine.

We then tried to set up another apache server on another computer, say cmsdaq, and use that as a proxy server to access the apache server on cmsdaqpreseries and thus the elog (don't ask why...). Our sysadmin has set up kerberos authentication on that machine, so if I go to:

https://cmsdaq.cern.ch/elog/ (note the 's')

I am prompted for a username and password and then get the elog selection page. All seems to be working well, for example, the URL:

https://cmsdaq.cern.ch/elog/DAQ/?cmd=Find

will load properly. However, if I hit "login" (https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login) I get caught in an infinite redirection. Of course:

http://cmsdaqpreseries.cern.ch/elog/DAQ/?cmd=Find

will still work! Any ideas on what we should do to set it up correctly? And why does this only happen with the login command?

Our sysadmin used ethereal to sniff the message exchange between the apache on cmsdaqpreseries and elog. I am including the details of the http request that elog likes (directly from cmsdaqpreseries) and of the one it doesn't like (from cmsdaqpreseries but originating at cmsdaq) as image attachments, as the text is not selectable (sorry).

Thanks in advance,

Dimitris
1690 | Tue Feb 14 14:23:04 2006 | Reply | Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Question | Linux | 2.6.1 | Re: Accessing elog through two apache servers...
Hi Stefan,


Stefan Ritt wrote:
> Hi Dimitrios,
>
> I know where your problem is and you could actually help me in solving it. The reason for the problem is the redirection. After you login, you get redirected (via the HTTP "Location:" statement) to the start page. In a very old version of ELOG, I had relative redirection. So from https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login I did a redirect to "." and voila, the browser asked for https://cmsdaq.cern.ch/elog/DAQ/.


But my problem begins before I log in. Trying to load https://cmsdaq.cern.ch/elog/DAQ/?cmd=Login will get me in the infinite redirection directly. Besides, I do have URL = https://cmsdaq.cern.ch/elog/ in my configuration file, so the redirection should work in my case (since I'm trying to access it through cmsdaq) and fail in every other case. Is that right or is there something I'm missing?

Cheers,
Dimitris
1691 | Tue Feb 14 16:06:28 2006 | Reply | Dimitrios Tsirigkas | dimitrios.tsirigkas@cern.ch | Question | Linux | 2.6.1 | Re: Accessing elog through two apache servers...
Hi,

The problem came from the fact that elog did not support requests coming through multiple proxy hops. You get the full string of them in the X-Forwarded-host header. Hence, you have to pick only the first one, terminated by a ','.

Here's the patch:

--- elogd-orig.c 2006-02-14 15:47:51.000000000 +0100
+++ elogd.c 2006-02-14 15:49:42.000000000 +0100
@@ -20985,6 +20985,8 @@
strcpy(str2, http_host);
if (strchr(str2, ':'))
*strchr(str2, ':') = 0;
+ if (strchr(str2, ','))
+ *strchr(str2, ',') = 0;
if (!strieq(str, str2)) {
redirect(lbs, _cmdline);
return FALSE;
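Review bot: the added `if (strchr(str2, ','))` cut picks the first hop of X-Forwarded-Host as the post describes, but it deserves a one-line comment saying so, since the two lines just above it perform the same shape of cut for ':' and a reader will not see why a second one is needed. Both cuts can be written as a single statement, `str2[strcspn(str2, ":,")] = 0;`, which yields the same first host whether or not later hops carry a port. Note also that this value comes from a request header, so the comparison with the configured URL is only meaningful when the front-end Apache, and not the client, is the one setting X-Forwarded-Host.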

Cheers
Eric and Dimitris
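The host comparison that produced the loop, worked through for the two-proxy case described above. This is an added example, not elogd's code; the function names, the 256-byte buffers and the sample header value are constructed for illustration.

```c
/* Added example, not elogd's code: the host comparison behind the
 * redirect loop. Behind two Apache proxies X-Forwarded-Host lists both
 * hops, e.g. "cmsdaq.cern.ch, cmsdaqpreseries.cern.ch"; only the first
 * (the host the browser asked for) may be compared with the host from
 * the configured "URL = ..." line. Function names are hypothetical. */
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Copy src into out up to the first character found in stop. */
static void copy_until(const char *src, const char *stop, char *out, size_t outsz)
{
    size_t n = strcspn(src, stop);
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, src, n);
    out[n] = '\0';
}

/* Host part of "https://host[:port]/path". */
static void host_from_url(const char *url, char *out, size_t outsz)
{
    const char *p = strstr(url, "://");
    copy_until(p ? p + 3 : url, ":/", out, outsz);
}

/* Returns 1 when the request host matches the configured URL (serve it),
 * 0 when elogd would redirect to the configured URL. Behind two proxies
 * the redirected request arrives with the same header, so the pre-patch
 * comparison (hop_aware == 0) redirects forever. */
int host_matches(const char *config_url, const char *forwarded_host, int hop_aware)
{
    char want[256], got[256];
    host_from_url(config_url, want, sizeof want);
    /* Old code cut only at the port ':'; the patch also cuts at the ','
     * between proxy hops. The header is supplied from the client side of
     * elogd, so only the front proxy should be allowed to set it. */
    copy_until(forwarded_host, hop_aware ? ":," : ":", got, sizeof got);
    return strcasecmp(want, got) == 0;
}

int main(void)
{
    const char *url = "https://cmsdaq.cern.ch/elog/";             /* configured URL */
    const char *xfh = "cmsdaq.cern.ch, cmsdaqpreseries.cern.ch"; /* constructed header */
    printf("pre-patch: %s\n", host_matches(url, xfh, 0) ? "serve" : "redirect (loop)");
    printf("patched:   %s\n", host_matches(url, xfh, 1) ? "serve" : "redirect (loop)");
    return 0;
}
```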
ELOG V3.1.5-2eba886