Hi,

I'm trying to set up elogd, running on port 8080 behind an Apache server on port 80, using mod_proxy to redirect
to the elogd server, and the recommended

Redirect permanent /elogbook http://example.com/elogbook/
ProxyPass /elogbook/         http://example.com:8080/

This works well for non-password-protected logbooks, but for password protected (that I can access fine via port
8080), I keep getting shown the Login page, even with valid username / password.    

Poking around the code, it appears (probably not too surprisingly) that the issue lies in check_login().  
For example, 

   /* if invalid or no session ID, show login page */
  if (!skip_sid_check && !sid_check(sid, user_name)) {
      if (isparam("redir"))
         strlcpy(str, getparam("redir"), sizeof(str));
      else
         strlcpy(str, isparam("cmdline") ? getparam("cmdline") : _cmdline, sizeof(str));
      /* avoid recursive loops with ?cmd=Login */
      if (stristr(str, loc("Login")))
         str[0] = 0;
      /*  added write_logfile here...
          char mstr[250];
          sprintf(mstr, "show_login B %s isparam: %d, cmd: %d, skip_sid_check: %d, sid_check: %d",
                         user_name,  isparam("redir"), isparam("cmdline"), skip_sid_check, sid_check(sid,
user_name));
           write_logfile(lbs, mstr);

        */
      show_login_page(lbs, str, 0);
      return FALSE;
}

and the logfile shows that user_name is blank(!!) and redir, cmdline, skip_sid_check, and sid_check(sid,
user_name) all to be 0.   In fact, isparam("unm") and isparam("upwd") are also 0, which explains why user_name
is blank.   But the log file also shows

LOGIN user "username" (attempt)
LOGIN user "username" (success)

just prior to this!

I'd guess that the form POST methods aren't being forwarded correctly, but I haven't looked at it in any more
detail.   

Is there a way to make this (password protecting logbooks while also using a proxy to Apache) work?

Thanks!

> Is there a way to make this (password protecting logbooks while also using a proxy to Apache) work?

I use it with the current version and it works fine for me. What you might be missing is the

URL = http://example.com/elogbook/

statement in your elogd.cfg to make this work.

Best regards,
Stefan

I don't remember the details, but originally had the same trouble. I think a "/" at the end of a url got me somewhere. 
I have defined...

URL = http://somewhere.edu/elog

...in the config file, and my redirect looks like this:

Redirect /elog http://somewhere.edu/elog/
ProxyPass /elog/ http://somewhere.edu:8080/
ProxyPassReverse /elog/ http://somewhere.edu:8080/

> I don't remember the details, but originally had the same trouble. I think a "/" at the end of a url got me somewhere. 
> I have defined...
> 
> URL = http://somewhere.edu/elog
> 
> ...in the config file, and my redirect looks like this:
> 
> Redirect /elog http://somewhere.edu/elog/
> ProxyPass /elog/ http://somewhere.edu:8080/
> ProxyPassReverse /elog/ http://somewhere.edu:8080/


Yes, that did it:  Adding the URL to the config file was the key.

Thanks!

We seem to have a problem with retrieving user passwords using the forgot password system
This only happens when trying to use the password recovery from the first screen that forces people to log in with the following syntax:

Protect selection page = 1
Password file = XXXXX

On the first page of our elog which can be found at

http://physics.uj.ac.za/elog/

Now currently there is one page that is viewable by guests, so going to this direct link, bypasses the login at the main page
If you try login from this page, and then use the forgot password link, the email that gets sent through will then work.

The first email that gets sent through using the main login page has the following link:
https://physics.uj.ac.za/elog/?redir=%3Fcmd%3DChange+password%26oldpwd%3DYJAATGHSIRRSBLLP&uname=Tester&upassword=YJAATGHSIRRSBLLP

When clicking on the above link normally, it takes you to a NULL user

The email link that gets sent from the guest page, that works, looks like this:
https://physics.uj.ac.za/elog/General/?redir=%3Fcmd%3DChange+password%26oldpwd%3DSACWEHJWWHKEXLMO&uname=Tester&upassword=SACWEHJWWHKEXLMO

Attached is a copy of the cfg file. The last few logbooks are all actually just copies of TEMPLATE A, so I have removed all their details to make the file easier to read for now
 

Thanks for reporting that bug. With the help of your config file I finally could reproduce and fix it. The fix is contained in SVN revision 2462.

 Thanks mate.. Glad to know it wasn't just me going insane? I'll keep an eye out for the new file

For the new version have a look here: http://midas.psi.ch/elog/faq.html#21 

I'm trying to debug an issue with elogd (2.9.1) and was reminded that using the "-v" option exposes
user passwords. This wasn't a huge problem for us in the past, but we're now using kerberos authentication,
meaning that the exposed username/password applies to lots of sensitive systems within our university.


I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging
purposes, make that a separate (and very well documented) option. Maybe something like:
"--really-include-passwords-as-clear-text-in-log-output". :)

> I'd suggest that the "-v" option hide passwords. If they need to be revealed for debugging

As a work around, I've changed the elogd startup script to do:

        /usr/local/sbin/elogd -v -c /usr/local/elog/elogd.cfg 2>&1 | perl -ne '$|=1; if ( $_ =~ /name="upassword"/
) {<>; <>;} else { print "$_";}' > /var/log/elog 2>&1 &

That simply throws away lines that match the pattern:

    name="upassword"

and the following 2 lines (the last of which contains the password).

Is there a way to create a "front page" or "table of contents" for a logbook?

While chronological entries are good and what elog was designed for, I find myself wanting a page to summarize important things
and/or link to important files that are somewhere in that logbook.  And, I would like to use the features of the elog editor to do (not just point
to another www page that points to the various elog entries).  For example, in an analysis logbook, you would like to have one page that
may summarize latest on analysis and point to best/latest plot/drawing of something and not have to re-search for it every time.

I think that start page with cmd to go to entry 1 (how do I do that?) may work.  Then I just keep editing entry 1 to point to latest info or
entries.  Will this work?  Will I run into a size limitiation if I attach too many files to that?   Is there a better way?

One could imaging using a wiki to do this, however, I never seem to get to updating our wikis... maybe I should just figure how to
get elog to do it.

Thanks.

Well, if you never get to update your wiki, you will you get to update your summary page? As you know there is no free lunch.

For my analysis logbooks, I do it such that I create an arbitrary entry in the logbook, where I put references to other entries. Using the syntax "elog:<id>" this is very simple like here: elog:67222. Then I put a link to that special page in my browser bookmarks. This puts me one mouse click away from accessing this page. You can link to other elog pages but also to page attachments this way, so no need to put too many attachments into a single page, although there is no limit on that.

Best regards,
Stefan 

Thanks for suggestion... it gave me idea for slightly different way to do it.  The method you suggest doesnt work that well to share in group (everyone would have to add that link in their bookmarks).. So I added this in config file:
Title image = <img border=0 height=25 src="bulb.png" alt="Summary/TOC entry">
Title image URL = <http:link to my specific elog page/entry num>

That replaces elog help icon with a link to TOC entry which can be any entry number.  One could make a custom icon and perhaps play around with adding more than one link (?).

Another thing that could do same thing and maybe more consistent with elog philiosophy would be to add a command that goes to a specific link or entry.... but this current solution works...

I'm slowly able to see the finish line

Now all I need to do is get SSL to work. My server name is hf-info-elog and I'm not sure what the correct values for Port= and URL= should be.

thank
Tom (the green-horn)

All you need is a SSL=1 in the config file, then the default port of 443 will be used. The URL is the one seen from outside, like

https://hf-info-elog.psi.ch

or so. The certificate from the distribution is self-signed and therefore the browser will complain. Go to AIT to obtain an official certificate.

- Stefan

Hello to @all

First please let me say that I'm a complete green-horn when it comes to linux

I'm running elog on a linux virtual server and would like to use kerberos authentication. If I set 'Authentication = Kerberos' in the elogd.cfg file I get,


If I set 'Authentication = Kerberos, File' it works fine. I hope this is just some error on my part.

thanks,
Tom

Is Kerberos set up correctly on your PC? What is the Kerberos Realm? Does the command "kinit <your user name>" work correctly? If not, you have to install and configure Kerberos correctly. Make sure to have USE_KRB5 turned on in your Makefile. 

 Thanks for the quick reply!

I downloaded and installed the latest RPM. Is Kerberos used in the RPM? The command "kinit xxxxxxx"requests my password and then returns to the prompt. I believe that the virtual server is a normal PSI linux, but I'm not 100% sure

Kerberos is not used in the RPM. You have to compile yourself from the tar ball. 

 O.K.
Like I said in the beginning, I'm a linux green-horn How do I stop the elogd daemon, and do I have to delete all the elog files and directories created by the RPM or can I just follow the instructions for the tar file and install / make over the RPM installation?

/etc/rc.d/init.d/elogd stop

Just compile elogd with Kerberos support and copy it over the existing elogd daemon.

  I think it's working now !!!!

Thanks
Tom

Hello

Want a hyperlink in one of the attributes like this : http://Someserver/someDir/perl.pl#subject

In this way I should be able to redirect to a certain part of the html that the perl script is generating. When I setup this manually it works. ( typing directly the html link into the attribute )

 
When I put the html link into elog config file it will never show up the correct format : everything after the '#' is translated into the digit 1. ( So you get  http://Someserver/someDir/perl.pl1 . ) 

I tried to escape with \# used quoting " and '. No luck.  Tried to use the &#97; , No luck. 

I've tested with several versions of elog but it seems that it has never worked. 

Allow HTML = 1 dit not work for me.

Has it to do with the autoincrement  ? ( Subst Number = XYZ-##### ) I think so because of the 1 that is returned if i use a http link . When I use the same link  http://Someserver/someDir/perl.pl#subject a second time i'll get back :
http://Someserver/someDir/perl.pl2 . So it seems that the auto increment feature plays a role in this one. 

Can this be done in the attributes of elog.? Can I have a # in a hyperlink ?

Thanks for your time.

Nobody needed such a functionality so far. I implemented it for you in SVN revision 2449. So you can simply escape it like "\#" 

Segfault when password file is empty and not writable a segmentation fault is generated when a new user tries to register:

root#  > passwd


root#  chown root.root passwd


root#  chmod 644 passwd


root#  grep -i usr elogd.cfg


root#


kernel: [515323.672377] elogd[31048]: segfault at 78 ip 00000000004ba780 sp 00007fff03cd2078 error 4 in elogd[400000+dc000]
 

I cannot reproduce this error when running within gdb.

Thanks for reporting that bug. I fixed it in SVN revision 2448.