[rt-users] ModifySelf Privilege Prevents Login
Behzad Mahini
mahini at apple.com
Fri Sep 25 13:25:13 EDT 2009
1) Systemlog & MySQL log points:
==========================
system.log file:
RT[350]: FAILED LOGIN for root from xx.xx.xx.xx (/some_dir_xx//share/
html/autohandler:268)
..<<which is saying the same thing that my Apache error_log indicated>>
Mysql log files:
The only log files that I have for MySQL are binary log files and they
are:
mysql-bin.xxx0
mysql-bin.xxx1
...
and
ib_logfile0
ib_logfile1
..and timestamp associated to these ar as of Aug 30, 2009 (which way
before I started having my password problem of yesterday!)
2) I rebooted my box, in the hopes of it clearing up some item that I
am not aware of -- that did not do any good
===============================================================
3) Using the "RecoverRootPassword" Wiki page, I tried to change my
password at the command/Perl level:
=
=
=
=
=
=
=
=
=
=
========================================================================
perl -I/opt/rt3/local/lib -I/opt/rt3/lib \
-MRT -MRT::User \
-e'RT::LoadConfig();RT::Init(); my $u = RT::User-
>new($RT::SystemUser); $u->Load("root"); $u->SetPassword("secret")'
that did not help either, and I got the following complaint:
Change of config option 'MaxInlineBody' at /ngs/app/rt/oppresso/
rt-3.8.4/local/plugins/RT-IR/etc/RTIR_Config.pm line 13 has been
ignored. It's may be ok, but we want you to be aware. This option
earlier has been set in /ngs/app/rt/oppresso/rt-3.8.4/etc/
RT_SiteConfig.pm line 152. at /usr/local/src/oppresso/rt-3.8.4/lib/RT/
Config.pm line 738.
Change of config option 'Active_MakeClicky' at /ngs/app/rt/oppresso/
rt-3.8.4/local/plugins/RT-IR/etc/RTIR_Config.pm line 263 has been
ignored. It's may be ok, but we want you to be aware. This option
earlier has been set in /ngs/app/rt/oppresso/rt-3.8.4/etc/
RT_SiteConfig.pm line 186. at /usr/local/src/oppresso/rt-3.8.4/lib/RT/
Config.pm line 738.
[Fri Sep 25 16:59:45 2009] [crit]: Can't locate RT/FM.pm in @INC (@INC
contains: /usr/local/src/oppresso/rt-3.8.4/lib /ngs/app/rt/oppresso/
rt-3.8.4/lib /Library/Perl/Updates/5.8.8/darwin-thread-multi-2level /
Library/Perl/Updates/5.8.8 /System/Library/Perl/5.8.8/darwin-thread-
multi-2level /System/Library/Perl/5.8.8 /Library/Perl/5.8.8/darwin-
thread-multi-2level /Library/Perl/5.8.8 /Library/Perl /Network/Library/
Perl/5.8.8/darwin-thread-multi-2level /Network/Library/Perl/5.8.8 /
Network/Library/Perl /System/Library/Perl/Extras/5.8.8/darwin-thread-
multi-2level /System/Library/Perl/Extras/5.8.8 /Library/Perl/5.8.6 /
Library/Perl/5.8.1 .) at /usr/local/src/oppresso/rt-3.8.4/lib/RT.pm
line 627. (/usr/local/src/oppresso/rt-3.8.4/lib/RT.pm:377)
Can't locate RT/FM.pm in @INC (@INC contains: /usr/local/src/oppresso/
rt-3.8.4/lib /ngs/app/rt/oppresso/rt-3.8.4/lib /Library/Perl/Updates/
5.8.8/darwin-thread-multi-2level /Library/Perl/Updates/5.8.8 /System/
Library/Perl/5.8.8/darwin-thread-multi-2level /System/Library/Perl/
5.8.8 /Library/Perl/5.8.8/darwin-thread-multi-2level /Library/Perl/
5.8.8 /Library/Perl /Network/Library/Perl/5.8.8/darwin-thread-
multi-2level /Network/Library/Perl/5.8.8 /Network/Library/Perl /System/
Library/Perl/Extras/5.8.8/darwin-thread-multi-2level /System/Library/
Perl/Extras/5.8.8 /Library/Perl/5.8.6 /Library/Perl/5.8.1 .) at /usr/
local/src/oppresso/rt-3.8.4/lib/RT.pm line 627.
-Behzad
On Sep 25, 2009, at 9:46 AM, Jesse Vincent wrote:
>
>
>
> On Fri, Sep 25, 2009 at 09:03:56AM -0700, Behzad Mahini wrote:
>> Hoping this additional piece of Information from Apache 'error_log"
>> file would provide more clue for debugging:
>
> Out of curiousity, is there anything interesting in your syslog or
> database error log?
>>
>>
>> ====
>> [error]: FAILED LOGIN for root from xx.xxx.xx.xxx (/some_dir_xxx/
>> share/
>> html/autohandler:268)
>> ====
>>
>> lines of the code within "autohandler" that the above error message
>> is
>> pointing to are:
>>
>> ====
>> unless( $session{'CurrentUser'} ) {
>> # If the user is logging in, let's authenticate
>> if( defined $user && defined $pass ) {
>> my $user_obj = RT::CurrentUser->new;
>> $user_obj->Load( $user );
>>
>> unless ( $user_obj->id && $user_obj->IsPassword( $pass ) ) {
>> $RT::Logger->error("FAILED LOGIN for $user from
>> $ENV{'REMOTE_ADDR'}"); <<..........line 268, WHERE the complaint is
>> being made...>>
>> $m->comp( '/Elements/Login', %ARGS,
>> Error => loc('Your username or password is
>> incorrect'),
>> );
>> $m->callback( %ARGS, CallbackName => 'FailedLogin' );
>> $m->abort;
>> }
>> $session{'CurrentUser'} = $user_obj;
>> $RT::Logger->info(
>> "Successful login for $user from $ENV{'REMOTE_ADDR'}");
>> $m->callback( %ARGS, CallbackName => 'SuccessfulLogin' );
>> }
>> # if no credentials then show him login page
>> else {
>> $m->comp( '/Elements/Login', %ARGS );
>> $m->abort;
>> }
>> }
>>
>> ====
>>
>> -Behzad
>> On Sep 24, 2009, at 4:56 PM, Behzad Mahini wrote:
>>
>>> Using 'root' I granted "ModifySelf" to another userName, and now I
>>> can
>>> no longer login using "root", neither the other user could login.
>>>
>>> The error message that I get is:
>>>
>>> Error "Your username or password is incorrect"
>>>
>>> Thanks,
>>> Behzad
>>> _______________________________________________
>>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>>
>>> Community help: http://wiki.bestpractical.com
>>> Commercial support: sales at bestpractical.com
>>>
>>>
>>> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>>> Buy a copy at http://rtbook.bestpractical.com
>>
>> _______________________________________________
>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>
>> Community help: http://wiki.bestpractical.com
>> Commercial support: sales at bestpractical.com
>>
>>
>> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>> Buy a copy at http://rtbook.bestpractical.com
>>
>
> --
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090925/c1972895/attachment.htm>
More information about the rt-users
mailing list