[rt-users] ModifySelf Privilege Prevents Login

Jesse Vincent jesse at bestpractical.com
Fri Sep 25 12:46:32 EDT 2009 



On Fri, Sep 25, 2009 at 09:03:56AM -0700, Behzad Mahini wrote:
> Hoping this additional piece of Information from Apache 'error_log"  
> file would provide more clue for debugging:

Out of curiousity, is there anything interesting in your syslog or
database error log?
> 
> 
> ====
> [error]: FAILED LOGIN for root from xx.xxx.xx.xxx (/some_dir_xxx/share/ 
> html/autohandler:268)
> ====
> 
> lines of the code within "autohandler" that the above error message is  
> pointing to are:
> 
> ====
> unless( $session{'CurrentUser'} ) {
>      # If the user is logging in, let's authenticate
>      if( defined $user && defined $pass ) {
>          my $user_obj = RT::CurrentUser->new;
>          $user_obj->Load( $user );
> 
>          unless ( $user_obj->id && $user_obj->IsPassword( $pass ) ) {
>              $RT::Logger->error("FAILED LOGIN for $user from  
> $ENV{'REMOTE_ADDR'}");	<<..........line 268, WHERE the complaint is  
> being made...>>
>              $m->comp( '/Elements/Login', %ARGS,
>                        Error => loc('Your username or password is  
> incorrect'),
>                      );
>              $m->callback( %ARGS, CallbackName => 'FailedLogin' );
>              $m->abort;
>          }
>          $session{'CurrentUser'} = $user_obj;
>          $RT::Logger->info(
>              "Successful login for $user from $ENV{'REMOTE_ADDR'}");
>          $m->callback( %ARGS, CallbackName => 'SuccessfulLogin' );
>      }
>      # if no credentials then show him login page
>      else {
>          $m->comp( '/Elements/Login', %ARGS );
>          $m->abort;
>      }
> }
> 
> ====
> 
> -Behzad
> On Sep 24, 2009, at 4:56 PM, Behzad Mahini wrote:
> 
> > Using 'root' I granted "ModifySelf" to another userName, and now I can
> > no longer login using "root", neither the other user could login.
> >
> > The error message that I get is:
> >
> > 	Error "Your username or password is incorrect"
> >
> > Thanks,
> > Behzad
> > _______________________________________________
> > http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> >
> > Community help: http://wiki.bestpractical.com
> > Commercial support: sales at bestpractical.com
> >
> >
> > Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> > Buy a copy at http://rtbook.bestpractical.com
> 
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> 
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
> 
> 
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com
> 

--

More information about the rt-users mailing list