obfuscate password in verbose logging, posted by Mark Bergman on Thu Apr 26 23:57:04 2012
|
I'm trying to debug an issue with elogd (2.9.1) and was reminded that using the "-v" option exposes
user passwords. This wasn't a huge problem for us in the past, but we're now using Kerberos authentication,
meaning that the exposed username/password applies to lots of sensitive systems within our university.
I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging
purposes, make that a separate (and very well documented) option. Maybe something like:
"--really-include-passwords-as-clear-text-in-log-output". :) |
Re: obfuscate password in verbose logging, posted by Mark Bergman on Fri Apr 27 00:29:56 2012
|
> I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging
As a workaround, I've changed the elogd startup script to do:
/usr/local/sbin/elogd -v -c /usr/local/elog/elogd.cfg 2>&1 | perl -ne '$|=1; if ( $_ =~ /name="upassword"/ ) {<>; <>;} else { print "$_";}' > /var/log/elog 2>&1 &
That simply throws away lines that match the pattern:
name="upassword"
and the following 2 lines (the last of which contains the password). |
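A variant of the workaround above, as an added example that is not part of the original post or of elogd: instead of dropping all three lines, it keeps the field header and replaces only the value line, so the log still shows that a login form was submitted. The function name redact_upassword and the sample input are constructed; the two-line offset to the password is taken from the post's description.

```shell
#!/bin/sh
# Added example, not part of elogd or the original post.
# Assumption (from the post): the password is on the second line after the
# line containing name="upassword" in the "elogd -v" output.

redact_upassword() {
    awk '
        # Inside the window after a match: pass the first line through,
        # replace the second (the password value) with a placeholder.
        # This rule comes first so a value that itself contains the
        # pattern cannot restart the window and slip through.
        window > 0 {
            window--
            if (window == 0) print "[REDACTED]"; else print
            fflush()
            next
        }
        /name="upassword"/ { window = 2 }
        # Flush every line: the daemon is long-running, so buffered output
        # would lag behind (the post uses $|=1 in perl for the same reason).
        { print; fflush() }
    '
}

# Constructed sample input; the real "elogd -v" layout may differ.
sample_log() {
    printf '%s\n' \
        'Content-Disposition: form-data; name="uname"' \
        '' \
        'alice' \
        'Content-Disposition: form-data; name="upassword"' \
        '' \
        'S3cret-constructed' \
        'Content-Disposition: form-data; name="remember"' \
        '' \
        '1'
}

# In the startup script the filter would sit where the perl one-liner is:
#   /usr/local/sbin/elogd -v -c /usr/local/elog/elogd.cfg 2>&1 | redact_upassword > /var/log/elog &
sample_log | redact_upassword
```

If the stream ends inside the two-line window, the value line never reaches the filter, so nothing is written in its place.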
any way to undelete entries?, posted by Mark Bergman on Thu Feb 21 23:23:19 2013
|
Is there any way within eLog to undelete entries? |
elogd crashes with malloc() memory corruption, posted by Mark Bergman on Fri Mar 1 16:35:21 2013
|
I'm having an issue with ELog 2.9.2 revision 2455 where it crashes consistently with:
*** glibc detected *** /usr/local/sbin/elogd: malloc(): memory corruption: 0x0000000014977210 ***
(the address varies). The crash seems to be triggered by the attempt to email a log entry. The log entry itself is saved. If I open the existing message for editing, make no changes, then Submit the message (in order to send email), the daemon crashes.
The behavior is consistent on multiple servers, each running CentOS5.9.
|
Re: error message "Command Config is not allowed" after registering, posted by Mark Bergman on Wed Apr 2 19:17:31 2014
|
Mark Bergman wrote: |
After registering, elog displays a page with the message:
Error: Command "Config" is not allowed for user ""
However, the registration is successful. This causes confusion, and results in users registering multiple times.
In the elogd.conf file, I have the directive:
Allow Config = bergman
Any suggestions?
|
Is anyone else seeing this? It's very confusing to new users.
|
Re: error message "Command Config is not allowed" after registering, posted by Mark Bergman on Tue Sep 6 20:09:07 2016
|
Mark Bergman wrote: |
After registering, elog displays a page with the message:
Error: Command "Config" is not allowed for user ""
However, the registration is successful. This causes confusion, and results in users registering multiple times.
In the elogd.conf file, I have the directive:
Allow Config = bergman
Any suggestions?
|
Well, 5 years after opening this issue, with no responses here, I finally got into the source code and fixed it.
The problem seems to be if eLog is configured to prohibit users (non-administrators) from the "Config" option...but on the initial self-registration, the code goes to the Config screen for the user anyway...resulting in the false error message.
So, I [badly] hacked eLog to fix that, add some debugging/log messages, and to correct a typo.
Attached is the patch against release 3.1.1-1. Try not to cringe too much at my code. :) |
New password file problem, posted by Mariusz Stakowski on Wed Nov 24 15:06:31 2010
|
Hello,
I'm new to elog. I've installed it under Slackware 11. Everything worked smoothly until I wanted to establish access control. I followed the steps described under the Access control heading in the Syntax of elog.cfg chapter. I specified a new password file name and the following steps with no problem. After having created a new user I stopped elogd and added the Admin user to the config file. And here is my problem - each time I want to log in to elog, I get the "Invalid user name or password!" message. The meaning of it is obvious. So I have repeated all the steps several times. Of course I paid attention to enter the user name and password correctly, but I can't get rid of this message. For sure I'm doing something wrong, but what is it?
Here is part of my elogd.cfg:
[global]
Port=8080
Logfile = elogd.log
Logging level = 3
Password file = passwd
Self register = 1
Admin user = eloga
charset = utf-8
Here is what happens after elog restart:
elogd 2.8.0 built Oct 22 2010, 11:04:31 revision 2313
Falling back to default group "elog"
Falling back to default user "elog"
Falling back to default group "elog"
Falling back to default user "elog"
ImageMagick detected
Indexing logbooks ... Converting password file for logbook "Demo" to new encoding ... ok
done
Server listening on port 8080 ...
Here is the password file :
<?xml version="1.0" encoding="ISO-8859-1"?>
<!-- created by MXML on Wed Nov 24 13:13:43 2010 -->
<list>
<user>
<name>eloga</name>
<password encoding="SHA256">vnpfrWa8wmxFsLFjlY/poXdz3wh6RLt9BT.D1O52Xl9</password>
<full_name>Mariusz Stakowski</full_name>
<last_logout>0</last_logout>
<last_activity>Wed Nov 24 13:13:43 2010</last_activity>
<email>Mariusz.Stakowski@asseco.pl</email>
<email_notify/>
</user>
</list>
And here is what I found in elogd.log file:
24-Nov-2010 13:50:06 [] Server listening on port 8080 ...
24-Nov-2010 13:50:53 [eloga@xx.xx.xx.xx] {Demo} LOGIN user "eloga" (attempt)
Could somebody help me, please?
Best regards
Mariusz Stakowski
|
Re: New password file problem, posted by Mariusz Stakowski on Wed Dec 1 17:03:01 2010
|
Stefan Ritt wrote: |
Mariusz Stakowski wrote: |
Hello,
I'm new to elog. I've installed it under Slackware 11. Everything worked smoothly until I wanted to establish access control. I followed the steps described under the Access control heading in the Syntax of elog.cfg chapter. I specified a new password file name and the following steps with no problem. After having created a new user I stopped elogd and added the Admin user to the config file. And here is my problem - each time I want to log in to elog, I get the "Invalid user name or password!" message. The meaning of it is obvious. So I have repeated all the steps several times. Of course I paid attention to enter the user name and password correctly, but I can't get rid of this message. For sure I'm doing something wrong, but what is it?
|
Can you try the current SVN version?
http://savannah.psi.ch/websvn/filedetails.php?repname=elog&path=/trunk/src/elogd.c&rev=0&sc=0
There have been some issues with the password encoding, maybe this is fixed now.
|
Thank you Stefan, it works now
Best regards
Mariusz Stakowski
|