[rt-users] ModifySelf Privilege Prevents Login

Behzad Mahini mahini at apple.com
Fri Sep 25 13:47:50 EDT 2009


..I also looked at the real mysql log file (i.e., "  
<serverName>.err"), and that did not reveal any worthy information,  
besides its timestamp was also as of Aug 30th (again way before my  
password problem of last night).

-Behzad
On Sep 25, 2009, at 10:25 AM, Behzad Mahini wrote:

>
> 1) Systemlog & MySQL log points:
> ==========================
> system.log file:
>
> RT[350]: FAILED LOGIN for root from xx.xx.xx.xx (/some_dir_xx//share/ 
> html/autohandler:268)
> ..<<which is saying the same thing that my Apache error_log  
> indicated>>
>
>
> Mysql log files:
> The only log files that I have for MySQL are binary log files and  
> they are:
>
> mysql-bin.xxx0
> mysql-bin.xxx1
> ...
>
> and
> ib_logfile0
> ib_logfile1
>
> ..and timestamp associated to these ar as of Aug 30, 2009 (which way  
> before I started having my password problem of yesterday!)
>
> 2) I rebooted my box, in the hopes of it clearing up some item that  
> I am not aware of -- that did not do any good
> ===============================================================
>
> 3) Using the "RecoverRootPassword" Wiki page, I tried to change my  
> password at the command/Perl level:
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> = 
> ======================================================================
>
> perl -I/opt/rt3/local/lib -I/opt/rt3/lib \
>     -MRT -MRT::User \
>     -e'RT::LoadConfig();RT::Init(); my $u = RT::User- 
> >new($RT::SystemUser); $u->Load("root"); $u->SetPassword("secret")'
> that did not help either, and I got the following complaint:
>
> Change of config option 'MaxInlineBody' at /ngs/app/rt/oppresso/ 
> rt-3.8.4/local/plugins/RT-IR/etc/RTIR_Config.pm line 13 has been  
> ignored. It's may be ok, but we want you to be aware. This option  
> earlier has been set in /ngs/app/rt/oppresso/rt-3.8.4/etc/ 
> RT_SiteConfig.pm line 152. at /usr/local/src/oppresso/rt-3.8.4/lib/ 
> RT/Config.pm line 738.
>
> Change of config option 'Active_MakeClicky' at /ngs/app/rt/oppresso/ 
> rt-3.8.4/local/plugins/RT-IR/etc/RTIR_Config.pm line 263 has been  
> ignored. It's may be ok, but we want you to be aware. This option  
> earlier has been set in /ngs/app/rt/oppresso/rt-3.8.4/etc/ 
> RT_SiteConfig.pm line 186. at /usr/local/src/oppresso/rt-3.8.4/lib/ 
> RT/Config.pm line 738.
>
> [Fri Sep 25 16:59:45 2009] [crit]: Can't locate RT/FM.pm in @INC  
> (@INC contains: /usr/local/src/oppresso/rt-3.8.4/lib /ngs/app/rt/ 
> oppresso/rt-3.8.4/lib /Library/Perl/Updates/5.8.8/darwin-thread- 
> multi-2level /Library/Perl/Updates/5.8.8 /System/Library/Perl/5.8.8/ 
> darwin-thread-multi-2level /System/Library/Perl/5.8.8 /Library/Perl/ 
> 5.8.8/darwin-thread-multi-2level /Library/Perl/5.8.8 /Library/Perl / 
> Network/Library/Perl/5.8.8/darwin-thread-multi-2level /Network/ 
> Library/Perl/5.8.8 /Network/Library/Perl /System/Library/Perl/Extras/ 
> 5.8.8/darwin-thread-multi-2level /System/Library/Perl/Extras/5.8.8 / 
> Library/Perl/5.8.6 /Library/Perl/5.8.1 .) at /usr/local/src/oppresso/ 
> rt-3.8.4/lib/RT.pm line 627. (/usr/local/src/oppresso/rt-3.8.4/lib/ 
> RT.pm:377)
>
> Can't locate RT/FM.pm in @INC (@INC contains: /usr/local/src/ 
> oppresso/rt-3.8.4/lib /ngs/app/rt/oppresso/rt-3.8.4/lib /Library/ 
> Perl/Updates/5.8.8/darwin-thread-multi-2level /Library/Perl/Updates/ 
> 5.8.8 /System/Library/Perl/5.8.8/darwin-thread-multi-2level /System/ 
> Library/Perl/5.8.8 /Library/Perl/5.8.8/darwin-thread-multi-2level / 
> Library/Perl/5.8.8 /Library/Perl /Network/Library/Perl/5.8.8/darwin- 
> thread-multi-2level /Network/Library/Perl/5.8.8 /Network/Library/ 
> Perl /System/Library/Perl/Extras/5.8.8/darwin-thread-multi-2level / 
> System/Library/Perl/Extras/5.8.8 /Library/Perl/5.8.6 /Library/Perl/ 
> 5.8.1 .) at /usr/local/src/oppresso/rt-3.8.4/lib/RT.pm line 627.
>
>
> -Behzad
> On Sep 25, 2009, at 9:46 AM, Jesse Vincent wrote:
>
>>
>>
>>
>> On Fri, Sep 25, 2009 at 09:03:56AM -0700, Behzad Mahini wrote:
>>> Hoping this additional piece of Information from Apache 'error_log"
>>> file would provide more clue for debugging:
>>
>> Out of curiousity, is there anything interesting in your syslog or
>> database error log?
>>>
>>>
>>> ====
>>> [error]: FAILED LOGIN for root from xx.xxx.xx.xxx (/some_dir_xxx/ 
>>> share/
>>> html/autohandler:268)
>>> ====
>>>
>>> lines of the code within "autohandler" that the above error  
>>> message is
>>> pointing to are:
>>>
>>> ====
>>> unless( $session{'CurrentUser'} ) {
>>>     # If the user is logging in, let's authenticate
>>>     if( defined $user && defined $pass ) {
>>>         my $user_obj = RT::CurrentUser->new;
>>>         $user_obj->Load( $user );
>>>
>>>         unless ( $user_obj->id && $user_obj->IsPassword( $pass ) ) {
>>>             $RT::Logger->error("FAILED LOGIN for $user from
>>> $ENV{'REMOTE_ADDR'}");	<<..........line 268, WHERE the complaint is
>>> being made...>>
>>>             $m->comp( '/Elements/Login', %ARGS,
>>>                       Error => loc('Your username or password is
>>> incorrect'),
>>>                     );
>>>             $m->callback( %ARGS, CallbackName => 'FailedLogin' );
>>>             $m->abort;
>>>         }
>>>         $session{'CurrentUser'} = $user_obj;
>>>         $RT::Logger->info(
>>>             "Successful login for $user from $ENV{'REMOTE_ADDR'}");
>>>         $m->callback( %ARGS, CallbackName => 'SuccessfulLogin' );
>>>     }
>>>     # if no credentials then show him login page
>>>     else {
>>>         $m->comp( '/Elements/Login', %ARGS );
>>>         $m->abort;
>>>     }
>>> }
>>>
>>> ====
>>>
>>> -Behzad
>>> On Sep 24, 2009, at 4:56 PM, Behzad Mahini wrote:
>>>
>>>> Using 'root' I granted "ModifySelf" to another userName, and now  
>>>> I can
>>>> no longer login using "root", neither the other user could login.
>>>>
>>>> The error message that I get is:
>>>>
>>>> 	Error "Your username or password is incorrect"
>>>>
>>>> Thanks,
>>>> Behzad
>>>> _______________________________________________
>>>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>>>
>>>> Community help: http://wiki.bestpractical.com
>>>> Commercial support: sales at bestpractical.com
>>>>
>>>>
>>>> Discover RT's hidden secrets with RT Essentials from O'Reilly  
>>>> Media.
>>>> Buy a copy at http://rtbook.bestpractical.com
>>>
>>> _______________________________________________
>>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>>
>>> Community help: http://wiki.bestpractical.com
>>> Commercial support: sales at bestpractical.com
>>>
>>>
>>> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
>>> Buy a copy at http://rtbook.bestpractical.com
>>>
>>
>> -- 
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20090925/358b2e23/attachment.htm>


More information about the rt-users mailing list