[rt-users] Passwords not working after upgrade to rt-4.0.8

Raed El-Hames Raed.El-Hames at daisygroupplc.com
Thu Jan 31 06:46:59 EST 2013 

Thomas,

Just incase this helps you in the diagnoses .
I managed to changed my user password via perl script and rt api.
Managed to login and change my password from web ui, logout then in again ..still works
Changed root password , then logged in as root and it worked.
Password hash now looks better: !sha512!KKxW98Esg+bVXzfM!aWfTpkuRONLZaGwSFApCqXwS8nAlLshdeDLfhb0aV/2he4Hp7Gwu3eqkcx9PgA+CR2QESSuAMvGwNH2BplVZGQ

So we know the database schema changes have been applied

I checked if this isolated to my user and root , quick look in the Users table:
mysql> select count(*) from Users where length(Password) > 42 ;
+----------+
| count(*) |
+----------+
|        3 |
+----------+
These 3 accounts are my user root and an account I created today.

But I am left with:
mysql> select count(*) from Users where Password != '*NO-PASSWORD*' and length(Password) < 43 ;
+----------+
| count(*) |
+----------+
|     2343 |
+----------+

Any pointers??

Roy


Visit our website today www.daisygroupplc.com

Registered Office: Daisy House, Lindred Road Business Park, Nelson, Lancashire BB9 5SR
Company Registration Number: 4145329 |   VAT Number: 722471355
Daisy Communications Limited is a company registered in England and Wales.
DISCLAIMER

This email (including any attachments) is strictly confidential and may also be legally privileged. If the recipient has received this email in error please notify the sender and do not read, print, re-transmit, store or act in reliance on the email or its attachments and immediately delete this email and its attachments from the recipient’s system. Daisy Communications Limited cannot accept liability for any breaches of confidence arising through use of email. Employees of Daisy Communications Limited are expressly required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by email communications. Any such communication is contrary to the company’s policy and outside the scope of the employment of the individual concerned. Daisy Communications Limited will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liability arising.

If you are the intended recipient of this email please ensure that neither the email nor any attachments are copied to third parties outside your organisation or saved without the written permission of the sender.  In the event of any unauthorised copying or forwarding, the recipient will be required to indemnify Daisy Communications Limited against any claim for loss or damage caused by any viruses or otherwise.

WARNING: Computer viruses can be transmitted by email. The recipient should check this email and any attachments for the presence of viruses. Daisy Communications Limited accepts no liability for any damage caused by any virus transmitted by this email or any attachments.
NOTICE TO CUSTOMERS
If you have ordered a telephone number from Daisy Communications Limited (non-geographic or new line installation) please do NOT arrange for any form of advertising until the number is live and tested.


-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Raed El-Hames
Sent: 31 January 2013 11:11
To: Thomas Sibley; rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Passwords not working after upgrade to rt-4.0.8

Hi Thomas,

Thanks for your response.
There is nothing in my local/lib (no local changes applied yet):
[root at rt-dev lib]# pwd
/opt/rt4/local/lib
[root at rt-dev lib]# ls -al
total 8
drwxr-xr-x 2 root root 4096 Jan  7 15:35 .
drwxr-xr-x 7 root root 4096 Jan  7 15:35 ..

My User.pm is attached (please note I have made any changes there either).

Regards;
Roy




Visit our website today www.daisygroupplc.com

Registered Office: Daisy House, Lindred Road Business Park, Nelson, Lancashire BB9 5SR
Company Registration Number: 4145329 |   VAT Number: 722471355
Daisy Communications Limited is a company registered in England and Wales.
DISCLAIMER

This email (including any attachments) is strictly confidential and may also be legally privileged. If the recipient has received this email in error please notify the sender and do not read, print, re-transmit, store or act in reliance on the email or its attachments and immediately delete this email and its attachments from the recipient’s system. Daisy Communications Limited cannot accept liability for any breaches of confidence arising through use of email. Employees of Daisy Communications Limited are expressly required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by email communications. Any such communication is contrary to the company’s policy and outside the scope of the employment of the individual concerned. Daisy Communications Limited will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liability arising.

If you are the intended recipient of this email please ensure that neither the email nor any attachments are copied to third parties outside your organisation or saved without the written permission of the sender.  In the event of any unauthorised copying or forwarding, the recipient will be required to indemnify Daisy Communications Limited against any claim for loss or damage caused by any viruses or otherwise.

WARNING: Computer viruses can be transmitted by email. The recipient should check this email and any attachments for the presence of viruses. Daisy Communications Limited accepts no liability for any damage caused by any virus transmitted by this email or any attachments.
NOTICE TO CUSTOMERS
If you have ordered a telephone number from Daisy Communications Limited (non-geographic or new line installation) please do NOT arrange for any form of advertising until the number is live and tested.


-----Original Message-----
From: rt-users-bounces at lists.bestpractical.com [mailto:rt-users-bounces at lists.bestpractical.com] On Behalf Of Thomas Sibley
Sent: 30 January 2013 19:20
To: rt-users at lists.bestpractical.com
Subject: Re: [rt-users] Passwords not working after upgrade to rt-4.0.8

On 01/30/2013 10:12 AM, Raed El-Hames wrote:
> First of all apologies for the length of signature (I really can't do anything about it).
> I am in the process of upgrading my rt-3.8.7 to rt-4.0.8 , I followed all the README and Upgrade docs.
> I am installing into a clean rt4 directory, and only put in cosmetic customisation .
>
[snip]
>
> My Users table:
> | Users | CREATE TABLE `Users` (
>   `id` int(11) NOT NULL AUTO_INCREMENT,
>   `Name` varchar(200) NOT NULL DEFAULT '',
>   `Password` varchar(256) DEFAULT NULL,
>
[snip]
>
> Also if its helps, the password entry for my user:
> Password: !sha512!5B7CB45ok1NPS+Ig!LITc6RFH4wTOfqz

Despite the longer column size, your password value is truncated.  This is usually the result of an incomplete database upgrade that left the column length at 40.

Can you reply with your /opt/rt4/lib/RT/User.pm and anything in /opt/rt4/local/lib/?

Thomas

More information about the rt-users mailing list