| ID |
Date |
Icon |
Author |
Author Email |
Category |
OS |
ELOG Version |
Subject |
|
68752
|
Mon Mar 5 14:44:58 2018 |
 | KaterKarlo99 | katerkarlo99@gmail.com | Bug report | Linux | Windows | 3.1.3.1 | Re: User passwords not configurable with loacl passwordfile | Yeah!!
That did it! I remove the line "Kerberos authentication" and now it works!
Thanks!
| Stefan Ritt wrote: |
|
What happens when you don't use Kerberos authentication?
| KaterKarlo99 wrote: |
|
I'm afraid that there is something wrong because each user will be written with the same (hashed) password to the local password file,
irrespective of the given password within the "new User dialog".
So for instance, every user in my password file lokks like this:
<name>TestUser1</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>TEST User</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>test@heaven.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
"password encoding" has got the same value for each user after creating them with their own passwords....
That's the main issue i have, because i don't know this password and can't set a known one....
frustrating....
any help would be appreciated
| KaterKarlo98 wrote: |
|
Hi Stefan,
thanks for the quick reply.
Yes, i've configured user-level access. Here is my cfg:
[global]
port = 9191
Usr = abc
Grp = abc
SMTP host = mail.xy.at
Protect Selection page = 1
Password file = elog_pw.xml
Logfile = elog_log.txt
Logging level = 2
Admin user = User1, Admin
Self register = 2
Restrict edit = 1
Allow password change = 1
[demo]
Theme = default
Authentication = Kerberos
Comment = General Linux Tips & Tricks
Attributes = Author, Type, Category, Subject
Options Type = Routine, Software Installation, Problem Fixed, Configuration, Oth er
Options Category = General, Hardware, Software, Network, Other
Extendable Options = Category
Required Attributes = Author, Type
Page Title = ELOG - $subject
Reverse sort = 1
Quick filter = Date, Type
And, yes, the password file is r7w accessible for the elogd:
[root@localhost logbooks]# cat elog_pw.xml
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- created by MXML on Tue Feb 27 14:54:52 2018 -->
<list>
<user>
<name>Admin</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>Admin</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>admin@hell.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
<user>
<name>TestUser1</name>
<password encoding="SHA256">3c2QQ0KjIU1OLtB29cl8Fplc2WN7X89bnoEjaR7tWu.</password>
<full_name>User1</full_name>
<last_logout>0</last_logout>
<last_activity>0</last_activity>
<email>test@heaven.org</email>
<inactive>0</inactive>
<email_notify/>
</user>
</list>
br, Rainer
| Stefan Ritt wrote: |
|
Have you configures user-level access via
password file = anyfile.pwd
Can your elogd server write to that file?
If yes, can you please post your config file?
Stefan
| KaterKarlo99 wrote: |
|
Hi!
Tryed windows an linux version. On booth the "Register new User" dialog is not displaying a password line.
so what password is used for the new user? Further the user can't change his password, because he didn't know the old one.
And if an admin user trys to change the password of an other user, a error is displyed that the old password of the admin user is
wrong and nothing happens with the password of the non-admin user.
elog console (admin user awrzkrz changes the password of testuser1):
GET /demo/?cmd=Config&config=TestUser1&cfgpage=1&admin=1&cfg_user=TestUser1&active=1&new_user_name=TestUser1&new_full_name=TEST+User&new_user_email=test%40heaven.org&cmd=Change+password HTTP/1.1
Returned 1032 bytes
GET /demo/?config=TestUser1&newpwd=test1234&newpwd2=test1234 HTTP/1.1
Returned 20 bytes
GET /demo/?cmd=Change%20password&config=awrzkrz&fail=1 HTTP/1.1
Returned 1215 bytes
Thanks for help!
|
|
|
|
|
|
|
66371
|
Thu Jun 4 14:37:54 2009 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.7.6 | Re: User can modify Fixed Attributes Edit when selecting preview |
| Allen wrote: |
|
Hi. I'm pretty new to ELOG, so I'm not sure if I'm doing something wrong.
I have a bunch of fields set so that after an entry has been submitted, they cannot edit certain fields. When I click the edit button, everything looks restricted as it should be, but if I click Preview, the user is then able to change the fixed attributes.
Is there anyway to remove the preview button inside the edit page, or is anyone else having this issue?
|
Thanks for reporting this bug. I fixed it in revision #2203. |
|
68112
|
Fri Sep 4 10:04:20 2015 |
| Andreas Luedeke | andreas.luedeke@psi.ch | Question | Linux | 3.1 | Re: User based theme selection | No, I don't think it is possible.
| Oliver Kleinau wrote: |
| Hi, is it somehow possible to use different themes for different users? Perhaps editing the password XML file? Thanks, Oliver |
|
|
66560
|
Fri Oct 16 12:17:15 2009 |
| Stefan Ritt | stefan.ritt@psi.ch | Bug report | Linux | 2.7.7 | Re: User authorization file corruption |
| soren poulsen wrote: |
|
Hi,
Here is what happens (I think) if E-log encounters a full file system where it keeps the user authorization file:
1. When a user connects, E-log will make a backup of the file. The backup will be corrupt since the file system is full.
2. E-log will modify the contents of the original file, and write it back. The file will be corrupt since the file system is full.
3. Now, both the backup and the normal file are corrupt and you cannot log on, until someone cleans up the file system and restores a valid copy of the file.
Would it be possible to fix this ? Like abort if step 1 is not successful. And restore the backup file if step 2 is not successful.
Thanks a lot for you help
Soren
|
Ok, I finally found some time (I'm pretty busy these days) to add a check for a potential full file system in SVN revision 2258. So before the password file would get corrupted, elog shows an error message about the full file system and just stops to work until space is freed up. |
|
66565
|
Mon Oct 26 10:15:20 2009 |
| soren poulsen | soren.poulsen@cern.ch | Bug report | Linux | 2.7.7 | Re: User authorization file corruption |
| Stefan Ritt wrote: |
|
| soren poulsen wrote: |
|
Hi,
Here is what happens (I think) if E-log encounters a full file system where it keeps the user authorization file:
1. When a user connects, E-log will make a backup of the file. The backup will be corrupt since the file system is full.
2. E-log will modify the contents of the original file, and write it back. The file will be corrupt since the file system is full.
3. Now, both the backup and the normal file are corrupt and you cannot log on, until someone cleans up the file system and restores a valid copy of the file.
Would it be possible to fix this ? Like abort if step 1 is not successful. And restore the backup file if step 2 is not successful.
Thanks a lot for you help
Soren
|
Ok, I finally found some time (I'm pretty busy these days) to add a check for a potential full file system in SVN revision 2258. So before the password file would get corrupted, elog shows an error message about the full file system and just stops to work until space is freed up.
|
Great. We fully appreciate that your are busy (with other things than E-log).
Thanks for the resolution.
Soren |
|
308
|
Fri May 2 08:45:38 2003 |
| Stefan Ritt | stefan.ritt@psi.ch | Question | | | Re: User Profile - Access to logbook group | > We would like to give access to selected users to only their Group. So that
> for instance Users1 cannot access the books of group Users3. I was
> wondering if there is any notion of "User profile" or security per logbook
> Group implemented?
No, groups of users are not yet implemented, but it's on the wishlist and I
added your vote for this item.
> What we do for now is that we have 3 different PASSELOG files and for each
> Book we need to specify which PASSELOG should be used for authentication.
> This works fine except that we prefer that users do not see the other
> logbooks listed in the main menu nor the other "inaccessible" logbook tabs
> in the logbook view. Is there a way to hide these for them (but only for
> them)?
A (poor man's) work-around right now is to run three instances of elogd on
three different ports, then use Apache as a proxy. I do this in this server
for example. Under http://midas.psi.ch/elogdemo you see the public logbooks,
while under http://midas.psi.ch/megelog you see some logbooks from an
experiment here at our institute. The access control is completely separated,
and you don't see the logbook tabs from the other group as well. |
|
312
|
Fri May 2 15:58:23 2003 |
 | Robert Keeney | rkeeney@dfs.state.fl.us | Question | | | Re: User Profile - Access to logbook group | I have managed to get this to work (so far).
What I do is use a separate password file and directory for each log.
I haven't tested it with with the current version but it worked fine before
that. My testing consisted of creating a user in the main password file and
see if he could get to anything I didn't want him to. This may not be enough
for something that requires a high level of security.
When I create a new user I move that line to the appropriate password file if
it isn't already there.
You will get an invalid user message and a prompt if you try access a log that
doesn't have your user name in the password file.
I only have six people using it so this isn't much trouble.
I would like to see groups implemented to make this more manageable.
> Hi,
>
> I was wondering if anyone had a solution for my problem.
> We are trying to run several books on one server. The books are grouped
> such as follows :
>
> Group Users1 = Book1, Book2, Book3
> Group Users2 = Book4, Book5, Book6
> Group Users3 = Book7, Book8, Book9
>
> We would like to give access to selected users to only their Group. So that
> for instance Users1 cannot access the books of group Users3. I was
> wondering if there is any notion of "User profile" or security per logbook
> Group implemented?
>
> What we do for now is that we have 3 different PASSELOG files and for each
> Book we need to specify which PASSELOG should be used for authentication.
> This works fine except that we prefer that users do not see the other
> logbooks listed in the main menu nor the other "inaccessible" logbook tabs
> in the logbook view. Is there a way to hide these for them (but only for
> them)?
>
> Tomas |
|
313
|
Fri May 2 18:10:36 2003 |
| Tomas Rudolf | tomas@mba.be | Question | | | Re: User Profile - Access to logbook group | Robert, this is exactly what we managed to do as well. And it works fine.
The only issue is that the users from one group can "SEE" the book names
available to other groups.
The solution Stephane suggested seems like the only possible right now.
Anyways, thank you for your answers, Robert & Stephane !
Tomas
> I have managed to get this to work (so far).
>
> What I do is use a separate password file and directory for each log.
>
> I haven't tested it with with the current version but it worked fine before
> that. My testing consisted of creating a user in the main password file and
> see if he could get to anything I didn't want him to. This may not be
enough
> for something that requires a high level of security.
>
> When I create a new user I move that line to the appropriate password file
if
> it isn't already there.
>
> You will get an invalid user message and a prompt if you try access a log
that
> doesn't have your user name in the password file.
>
> I only have six people using it so this isn't much trouble.
>
> I would like to see groups implemented to make this more manageable.
>
> > Hi,
> >
> > I was wondering if anyone had a solution for my problem.
> > We are trying to run several books on one server. The books are grouped
> > such as follows :
> >
> > Group Users1 = Book1, Book2, Book3
> > Group Users2 = Book4, Book5, Book6
> > Group Users3 = Book7, Book8, Book9
> >
> > We would like to give access to selected users to only their Group. So
that
> > for instance Users1 cannot access the books of group Users3. I was
> > wondering if there is any notion of "User profile" or security per
logbook
> > Group implemented?
> >
> > What we do for now is that we have 3 different PASSELOG files and for
each
> > Book we need to specify which PASSELOG should be used for
authentication.
> > This works fine except that we prefer that users do not see the other
> > logbooks listed in the main menu nor the other "inaccessible" logbook
tabs
> > in the logbook view. Is there a way to hide these for them (but only for
> > them)?
> >
> > Tomas |
|