[rt-users] unprivileged users need to log in twice

David Griffith dgriffi at cs.csubak.edu
Wed Dec 9 13:50:48 EST 2009


Debian 5.0 upgraded fixed a session fixation vulnerability on December 1, 
2009 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559020).  It seems 
that when this happened, my installation now requires unprivileged users 
to log in twice.  At the first login, the username and password fields are 
cleared and nothing seems to have happened.  Put in the username and 
password a second time and the user is logged in.  Sometimes if I try to 
log in as an unprivileged user, get put back to the login screen, then 
login as a privileged user, I get logged in with diminished privileges. 
Would someone please tell me what's going on?  Maybe now would be a good 
time to upgrade to 3.8?

-- 
David Griffith
dgriffi at cs.csubak.edu

A: Because it fouls the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?



More information about the rt-users mailing list