Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG, Page 771 of 796  Not logged in ELOG logo
ID Date Icon Author Author Emailup Category OS ELOG Version Subject
  69061   Thu Nov 21 18:10:28 2019 Reply David Walliswallis@aps.anl.govQuestionLinuxV3.1.4-ba84827Re: PAM authentication question

Hi Christoph,

Thanks for looking into this, if you can enable PAM + File, our users would be very happy!

The pam.d issue is probably related to CentOS/Red Hat, since our PAM expert warned me that it might be necessary.

Jan Christoph Terasa wrote:
David Wallis wrote:

I'm testing the PAM authentication feature, and have a couple questions, a suggestion, and a comment.

First the comment... it was pretty easy to get working, and is exactly what we need here, so thanks! Our PAM stack here is designed to allow logins with Active Directory, LDAP, or local accounts, so the PAM option preserves all of that.

The suggestion: In order to make it work, I had to add a symbolic link in /etc/pam.d:
    elogd -> system-auth
That might be considered for addition to the documentation (this was on Red Hat Enterprise Linux 7.7)

The questions:

  1. The docs indicate that "Self register" must be set to >= 1, but in the code (elogd.c, line 26453), if the PAM module is enabled, Self register is overriden to 0. The result is that no "register as new user" link is displayed on the login screen. Is that the intent?
  2. Related... can PAM and File authentication both be enabled? We have some logbooks that are used by both internal people (with an A/D account) and outside collaborators that get local elog accounts. This works with LDAP + File, can it work with PAM?

Thanks in advance!

 

David, thank you for reporting on your findings regarding the PAM feature. I will look into the points you mentioned:

0. On my machines (Debian testing and stable) I did not have to add anything to /etc/pam.d, but apparently Debian just uses implicit defaults then, and REHL might insist on using excplicit settings. Adding a hint in the documentation is certainly useful, thank your for the suggestion. Maybe elog should provide a pam.d config file (which can be installed/adapted by package maintainers for various OSes).

1.+2. If I remember correctly, I intentionally disabled registration when using the PAM backend, because users will register using their passwd/LDAP/NIS users, and new users can only be regustered using the appropriate tools for the authentication mechanism used. This might not be correctly reflected in the docs, I will check that. In the light of question 2., I can also re-investigate that policy, so that logins will check against both the elog user database and PAM. Self-registering can then be enabled again, and new registrees will go to the elog database. I will try to bringthe code in line with how LDAP works.

 

regards,

Christoph

 

  69070   Mon Dec 2 23:28:28 2019 Question David Walliswallis@aps.anl.govQuestionLinuxV3.1.3Change column width in list mode?

In some of our logbooks, some columns are very narrow, which makes their content difficult to read. I have tried adding a custom css file like this:

listframe td:nth-child(3) {
   width: 250px;
}

But I find that the column width does not change. I have verified via element inspection that the width attribute is active on the correct column (td).

Am I doing someting wrong, or is this not possible?

  69075   Fri Dec 6 15:40:19 2019 Reply David Walliswallis@aps.anl.govQuestionLinuxV3.1.3Re: Change column width in list mode?

Awesome, thank you!

Stefan Ritt wrote:

You need

.listframe td:nth-child(3) {
   min-width: 250px;
}

/Stefan

David Wallis wrote:

In some of our logbooks, some columns are very narrow, which makes their content difficult to read. I have tried adding a custom css file like this:

listframe td:nth-child(3) {
   width: 250px;
}

But I find that the column width does not change. I have verified via element inspection that the width attribute is active on the correct column (td).

Am I doing someting wrong, or is this not possible?

 

 

  69237   Tue Oct 20 15:08:17 2020 Question David Walliswallis@aps.anl.govQuestionLinuxELOG V3.1.4-ba8From command line: "command Submit not allowed"

I'm running  Elog version V3.1.4-ba84827 on Red Hat Linux 7.9. As part of migrating from an older in-house logbook to Elog, I need to upload all the old logbook entries. However, when I attempt to do that with the "elog" command line tool, I'm getting the error "command Submit not  allowed.

I read through a similar report from 2015 (entry #68149), but none of the potential causes seem to be at play here. The logbook is using PAM authentication, and I can log in to the web interface using the same credentials I'm using from the command line. The other case mentioned a dis-allowed encoding format, but my logbook is configured to allow all formats.

 

This is the command line I'm using:

/usr/local/elog/bin/elog -v -h logbook.aps.anl.gov -p 8081 -l On_Call -x -n 2 -a Date='10/19/2020 01:02' Author="David Wallis" Title='Test Upload' Status='Open' System='On-Call' -u 'wallis' '*****'  "This is a test message"

  69239   Tue Oct 20 17:50:50 2020 Reply David Walliswallis@aps.anl.govQuestionLinuxELOG V3.1.4-ba8Re: From command line: "command Submit not allowed"

Update: I tried switching the logbook to no authentication reqiured, and still get the "command Submit not allowed" response.

David Wallis wrote:

I'm running  Elog version V3.1.4-ba84827 on Red Hat Linux 7.9. As part of migrating from an older in-house logbook to Elog, I need to upload all the old logbook entries. However, when I attempt to do that with the "elog" command line tool, I'm getting the error "command Submit not  allowed.

I read through a similar report from 2015 (entry #68149), but none of the potential causes seem to be at play here. The logbook is using PAM authentication, and I can log in to the web interface using the same credentials I'm using from the command line. The other case mentioned a dis-allowed encoding format, but my logbook is configured to allow all formats.

 

This is the command line I'm using:

/usr/local/elog/bin/elog -v -h logbook.aps.anl.gov -p 8081 -l On_Call -x -n 2 -a Date='10/19/2020 01:02' Author="David Wallis" Title='Test Upload' Status='Open' System='On-Call' -u 'wallis' '*****'  "This is a test message"

 

  69241   Tue Oct 20 18:26:26 2020 Reply David Walliswallis@aps.anl.govQuestionLinuxELOG V3.1.4-ba8Re: From command line: "command Submit not allowed"

Hmmm... I added "New" to the Guest menu list, and the button showed up for a guest user. But when I submitted the new ticket, I got the message Error: Command "Submit" is not allowed for user ""

Stefan Ritt wrote:

"submit not allowed" you typically get if there is a "guest menu" for read-only access and you are not logged in. I never tried the elog program with PAM authentication, but you said that your turned authentication off. What I would do is to strip down your elogd.cfg to a very simple form until the elog utility works, then figure out which configuration makes the trouble.

Stefan

David Wallis wrote:

Update: I tried switching the logbook to no authentication reqiured, and still get the "command Submit not allowed" response.

David Wallis wrote:

I'm running  Elog version V3.1.4-ba84827 on Red Hat Linux 7.9. As part of migrating from an older in-house logbook to Elog, I need to upload all the old logbook entries. However, when I attempt to do that with the "elog" command line tool, I'm getting the error "command Submit not  allowed.

I read through a similar report from 2015 (entry #68149), but none of the potential causes seem to be at play here. The logbook is using PAM authentication, and I can log in to the web interface using the same credentials I'm using from the command line. The other case mentioned a dis-allowed encoding format, but my logbook is configured to allow all formats.

 

This is the command line I'm using:

/usr/local/elog/bin/elog -v -h logbook.aps.anl.gov -p 8081 -l On_Call -x -n 2 -a Date='10/19/2020 01:02' Author="David Wallis" Title='Test Upload' Status='Open' System='On-Call' -u 'wallis' '*****'  "This is a test message"

 

 

 

  69243   Tue Oct 20 20:44:03 2020 Reply David Walliswallis@aps.anl.govQuestionLinuxELOG V3.1.4-ba8Re: From command line: "command Submit not allowed"

I've been able to work around this by completely turning off authentication, and adding New to the Guest menu list.

One additional question: since I'm uploading historical logbook entries, is it possible to set the entry creation date via the command line? It seems that elogd is overriding the attribute "Date".

David Wallis wrote:

Hmmm... I added "New" to the Guest menu list, and the button showed up for a guest user. But when I submitted the new ticket, I got the message Error: Command "Submit" is not allowed for user ""

Stefan Ritt wrote:

"submit not allowed" you typically get if there is a "guest menu" for read-only access and you are not logged in. I never tried the elog program with PAM authentication, but you said that your turned authentication off. What I would do is to strip down your elogd.cfg to a very simple form until the elog utility works, then figure out which configuration makes the trouble.

Stefan

David Wallis wrote:

Update: I tried switching the logbook to no authentication reqiured, and still get the "command Submit not allowed" response.

David Wallis wrote:

I'm running  Elog version V3.1.4-ba84827 on Red Hat Linux 7.9. As part of migrating from an older in-house logbook to Elog, I need to upload all the old logbook entries. However, when I attempt to do that with the "elog" command line tool, I'm getting the error "command Submit not  allowed.

I read through a similar report from 2015 (entry #68149), but none of the potential causes seem to be at play here. The logbook is using PAM authentication, and I can log in to the web interface using the same credentials I'm using from the command line. The other case mentioned a dis-allowed encoding format, but my logbook is configured to allow all formats.

 

This is the command line I'm using:

/usr/local/elog/bin/elog -v -h logbook.aps.anl.gov -p 8081 -l On_Call -x -n 2 -a Date='10/19/2020 01:02' Author="David Wallis" Title='Test Upload' Status='Open' System='On-Call' -u 'wallis' '*****'  "This is a test message"

 

 

 

 

  69247   Wed Oct 21 15:14:13 2020 Reply David Walliswallis@aps.anl.govQuestionLinuxELOG V3.1.4-ba8Re: From command line: "command Submit not allowed"

Hi David, thanks for your input!

This logbook has been around for almost 10 years, and has evolved from file-based authentication, to LDAP, and finally to PAM (that can use any of local password files, LDAP, and Active Directory), and I'm thinking that might be the root of this problem. There are old account entries from the file-based days, with passwords, that match the AD usernames. I'm wondering if elogd is trying to use the password in the password file, rather than via PAM. I don't remember the old passwords, so I can't check, and I've run into problems trying to change the passwords. I'm wondering if there's a way to generate a new password from the command line, that would allow me to test the theory.

David Dunne wrote:

FYI, I had problems a few weeks ago trying to get the command line elog working, blamed everybody and everything but myself.

In my case it was command line syntax errors and eventually got it going as part of a nightly script

While testing I ran the Elog Server from the command line in verbose mode to see if that helped determine the problem.

On the server end the logbook uploading to is set for Plaintext

# Set entries to TEXT Only format
Default encoding = 1
Allowed encoding = 1

 

Elog server authenication is standard built in to elogd, no PAM, no LDAP, no Kerberos 

Below is what works for me, I’ve replaced my Elog Server Hostname, Elog Username & Password used to connect to the server with generic.

Elog Server version = elog-3.1.4-2

 

# Log details in Elog Server

/usr/local/bin/elog -h HOSTNAME -p 80 -l Backups -u USERNAME PASSWORD -a Backup=NightlyBackupScript -a Hostname=$HOST -n 1 -x -m /tmp/elog.nightly.script.$TIMESTAMP

 

I've been caught out in the past having a very old version of the elog command line talking to a recent Elog Server build or Encoding not matching

 

David Wallis wrote:

I've been able to work around this by completely turning off authentication, and adding New to the Guest menu list.

One additional question: since I'm uploading historical logbook entries, is it possible to set the entry creation date via the command line? It seems that elogd is overriding the attribute "Date".

David Wallis wrote:

Hmmm... I added "New" to the Guest menu list, and the button showed up for a guest user. But when I submitted the new ticket, I got the message Error: Command "Submit" is not allowed for user ""

Stefan Ritt wrote:

"submit not allowed" you typically get if there is a "guest menu" for read-only access and you are not logged in. I never tried the elog program with PAM authentication, but you said that your turned authentication off. What I would do is to strip down your elogd.cfg to a very simple form until the elog utility works, then figure out which configuration makes the trouble.

Stefan

David Wallis wrote:

Update: I tried switching the logbook to no authentication reqiured, and still get the "command Submit not allowed" response.

David Wallis wrote:

I'm running  Elog version V3.1.4-ba84827 on Red Hat Linux 7.9. As part of migrating from an older in-house logbook to Elog, I need to upload all the old logbook entries. However, when I attempt to do that with the "elog" command line tool, I'm getting the error "command Submit not  allowed.

I read through a similar report from 2015 (entry #68149), but none of the potential causes seem to be at play here. The logbook is using PAM authentication, and I can log in to the web interface using the same credentials I'm using from the command line. The other case mentioned a dis-allowed encoding format, but my logbook is configured to allow all formats.

 

This is the command line I'm using:

/usr/local/elog/bin/elog -v -h logbook.aps.anl.gov -p 8081 -l On_Call -x -n 2 -a Date='10/19/2020 01:02' Author="David Wallis" Title='Test Upload' Status='Open' System='On-Call' -u 'wallis' '*****'  "This is a test message"

 

 

 

 

 

 

ELOG V3.1.5-2eba886