<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7653.38">
<TITLE>Able to login with fake password</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P><FONT SIZE=2 FACE="Arial">I get an error each time I try to login to RT. And even worse, I found that I can login with a fake password.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">------- Start of error message -----</FONT>
<BR><FONT SIZE=2 FACE="Arial">System error</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">error: Can't use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56.</FONT>
<BR><FONT SIZE=2 FACE="Arial"> </FONT>
<BR><FONT SIZE=2 FACE="Arial">context: unable to open file </FONT>
<BR><FONT SIZE=2 FACE="Arial"> </FONT>
<BR><FONT SIZE=2 FACE="Arial">code stack: /opt/rt3/local/lib/RT/User_Vendor.pm:56</FONT>
<BR><FONT SIZE=2 FACE="Arial">/opt/rt3/local/lib/RT/User_Vendor.pm:359</FONT>
<BR><FONT SIZE=2 FACE="Arial">/opt/rt3/lib/RT/CurrentUser.pm:309</FONT>
<BR><FONT SIZE=2 FACE="Arial">/opt/rt3/share/html/autohandler:247</FONT>
<BR><FONT SIZE=2 FACE="Arial"> </FONT>
<BR><FONT SIZE=2 FACE="Arial">Can't use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56.</FONT>
</P>
<P><FONT SIZE=2 FACE="Arial">Trace begun at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Exceptions.pm line 129</FONT>
<BR><FONT SIZE=2 FACE="Arial">HTML::Mason::Exceptions::rethrow_exception('Can\'t use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56.^J') called at /opt/rt3/local/lib/RT/User_Vendor.pm line 56</FONT></P>
<P><FONT SIZE=2 FACE="Arial">RT::User::IsExternalPassword('RT::User=HASH(0xb9690c0)', 'boguspassword') called at /opt/rt3/local/lib/RT/User_Vendor.pm line 359</FONT></P>
<P><FONT SIZE=2 FACE="Arial">RT::User::IsPassword('RT::User=HASH(0xb9690c0)', 'boguspassword') called at /opt/rt3/lib/RT/CurrentUser.pm line 309</FONT>
<BR><FONT SIZE=2 FACE="Arial">RT::CurrentUser::IsPassword('RT::CurrentUser=HASH(0xb990af4)', 'boguspassword') called at /opt/rt3/share/html/autohandler line 247</FONT></P>
<P><FONT SIZE=2 FACE="Arial">HTML::Mason::Commands::__ANON__('pass', 'boguspassword', 'user', 'fpercynski') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm line 135</FONT></P>
<P><FONT SIZE=2 FACE="Arial">HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0xb36f2c0)', 'pass', 'boguspassword', 'user', 'fpercynski') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1273</FONT></P>
<P><FONT SIZE=2 FACE="Arial">eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1268</FONT>
<BR><FONT SIZE=2 FACE="Arial">HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'boguspassword', 'user', 'fpercynski') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 467</FONT></P>
<P><FONT SIZE=2 FACE="Arial">eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 467</FONT>
<BR><FONT SIZE=2 FACE="Arial">eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 419</FONT>
<BR><FONT SIZE=2 FACE="Arial">HTML::Mason::Request::exec('HTML::Mason::Request::ApacheHandler=HASH(0xb99677c)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 168</FONT></P>
<P><FONT SIZE=2 FACE="Arial">HTML::Mason::Request::ApacheHandler::exec('HTML::Mason::Request::ApacheHandler=HASH(0xb99677c)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 825</FONT></P>
<P><FONT SIZE=2 FACE="Arial">HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=HASH(0x9f95b18)', 'Apache2::RequestRec=SCALAR(0xb9568a0)') called at /opt/rt3/bin/webmux.pl line 125</FONT></P>
<P><FONT SIZE=2 FACE="Arial">eval {...} at /opt/rt3/bin/webmux.pl line 125</FONT>
<BR><FONT SIZE=2 FACE="Arial">RT::Mason::handler('Apache2::RequestRec=SCALAR(0xb9568a0)') called at -e line 0</FONT>
<BR><FONT SIZE=2 FACE="Arial">eval {...} at -e line 0</FONT>
<BR><FONT SIZE=2 FACE="Arial">------- End of error message -----</FONT>
</P>
<BR>
<P><FONT SIZE=2 FACE="Arial">In the above error message the word "boguspassword" is the plain text representation of the password that I typed in. Which is not my real password and should not allow me to login. But if I press F5 in my browser and resubmit the information I am then successfully logged in to RT under my account.</FONT></P>
<P><FONT SIZE=2 FACE="Arial">Obviously I have configured something in a bad way. But I can't figure out what. </FONT>
<BR><FONT SIZE=2 FACE="Arial">About two months ago I was trying to get RT to authenticate against Active Directory. I tried to install RT::Authen::ExternalAuth but it never finished successfully. Nonetheless part of the installation must have worked because I have an $RTHOME/local/etc/Authen-ExternalAuth/ directory. Searching the archives makes me believe the error message above is in some way related to external authentication. I have not manually modified $RTHOME/etc/RT_SiteConfig.pm in any way to use external authentication. </FONT></P>
<P><FONT SIZE=2 FACE="Arial">RT version is 3.6.6</FONT>
</P>
<BR>
<br>-<br />
The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions.</BODY>
</HTML>