[rt-users] Upgrading 3.8.4 to 4.0.1 - Root password??

Kevin Falcone falcone at bestpractical.com
Thu Apr 19 10:11:31 EDT 2012


On Thu, Apr 19, 2012 at 06:15:56AM -0700, George_Holl wrote:
> 
> We have a fresh installation of RT 4.0.5. with imported data from a former
> version.
> I can login as root, but there are two issues:
> 
> 1) When I logoff and I want to logon again, the root password is changed
> to somewhat! Than I have to reset it. 
> I followed the instruction at:

This normally means you never ran make upgrade-database
and your schema is out of sync with 4.0.

Post the output of desc Users; if you'd like confirmation of that.

-kevin

> " UPGRADING FROM 3.8.8 and earlier - Changes:
> Previous versions of RT used a password hashing scheme which was too 
> easy to reverse, which could allow attackers with read access to the RT 
> database to possibly compromise users' passwords.  Even if RT does no 
> password authentication itself, it may still store these weak password 
> hashes -- using ExternalAuth does not guarantee that you are not 
> vulnerable!  To upgrade stored passwords to a stronger hash, 
> run:   perl etc/upgrade/vulnerable-passwords   "
> 
> I did that, but it didn't solve the issue.
> Can you give me a hint?
> 
> 2) Our system which is fresh installed:
> 
> Ubuntu 10.04.4 LTS
> 
> Apache Version Apache/2.2.14 (Ubuntu)
> Apache API Version 20051115
> 
> PHP Version 5.3.2-1ubuntu4.14
> mysql, Client API version 5.1.61
> RT 4.0.5
> 
> Data of the former version were imported in a mysql-database (that
> worked).
> 
> When I try to create a new request, I get the error message:
> "Anfrage konnte aufgrund eines internen Fehlers nicht angelegt werden"
> (query couldn't be created because of an internal error).
> The corresponding entry in the access-log is:
> ip.ip.ip.ip - - [18/Apr/2012:08:21:14 +0200] "POST /index.html HTTP/1.1"
> 200 3736
> What's the problem of the system?
> 
> Kind regards 
> 
>  George
> 
> 
> 
> Thomas Sibley wrote:
> > 
> > Please keep replies on the list.
> > 
> > On 04/12/2012 12:19 PM, johnathan.bell at baker.edu wrote:
> >> Thanks. I'm glad to know that it's something much simpler than I
> >> expected. I did read those, but they only mentioned the "standard
> >> database upgrade process" as far as I could see. Further research says
> >> that's probably going to be "rt-setup-database --action upgrade" or
> >> something similar… yes?
> > 
> > Yes.  The README refers to `make upgrade-database`.  You're running
> > Ubuntu packages, so the instructions we write aren't exactly the same as
> > what you'll need to do (they apply to the tarball we ship).
> > 
> > The Ubuntu packages don't run the database upgrades for you; they just
> > install the new source.
> > 
> >> What about the other parts like secure-passwords, etc… the other random
> >> "little" scripts in etc/upgrade? Should those be run before or after the
> >> rt-setup-database cmd?
> > 
> > Most are run after.  The docs (docs/UPGRADING*) mention what needs to be
> > run during the middle of the upgrade.
> > 
> > 
> 
> -- 
> View this message in context: http://old.nabble.com/Upgrading-3.8.4-to-4.0.1---Root-password---tp33676179p33713298.html
> Sent from the Request Tracker - User mailing list archive at Nabble.com.
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20120419/b0c7bb53/attachment.sig>


More information about the rt-users mailing list