[rt-users] RT4 upgrade woes - user accounts lock?

Kevin Falcone falcone at bestpractical.com
Tue Jun 7 16:04:26 EDT 2011


On Tue, Jun 07, 2011 at 03:48:19PM -0400, Joshua Knarr wrote:
> Attached.

You don't appear to have run the database upgrades.
Which upgrade steps have you done?  Please show exactly what you ran
and the outputs.  You should be sure to review all relevant
docs/UPGRADING-*

`Password` varbinary(40) default NULL,

That is not the right size for the passwords, which is why your users
get locked out after the upgrade.  Please note that merely fixing the
size is unlikely to fix other problems caused by skipping upgrades.

-kevin

> On Tue, 2011-06-07 at 11:52 -0400, Kevin Falcone wrote:
> 
> > On Tue, Jun 07, 2011 at 09:23:42AM -0400, Joshua Knarr wrote:
> > >    We seriously do not have any extensions, either on the old host or the new host. We would like
> > >    to be able to use LDAP at some point but it isn't looking good for keeping confluence overall.
> > > 
> > >    I wiped the new box and I wiped the database host and redid the entire process from the get go
> > >    - we're still experiencing the same problem.
> > > 
> > >    It looks like RT is having problems matching the SHA hashes, but I'm really not sure what's
> > >    going on. I know in users.pm we convert the password the first time the user logs in from MD5
> > >    to SHA, but then it seems to fail all the new SHA matches. WTF?
> > 
> > You should be running the vulnerable-passwords script as documented in
> > the UPGRADING-3.8 documentation which means passwords will already be
> > in the new SHA format.
> > 
> > Did you do all the upgrade steps?
> > 
> > Please run 'SHOW CREATE TABLE Users'
> > 
> > -kevin
> > 
> > >    On Mon, 2011-06-06 at 10:57 -0400, Kevin Falcone wrote:
> > > 
> > >  On Mon, Jun 06, 2011 at 10:44:46AM -0400, Joshua Knarr wrote:
> > >  >    I just tracked this down to the password changing in the database...
> > >  >
> > >  >    If I try to log in after upgrading - it works for awhile then stops working. The question is
> > >  >    why?
> > >  >
> > >  >    The workaround:
> > >  >    UPDATE Users SET Password=md5('password') WHERE Name='knarrj';
> > >  >
> > >  >    This isn't good. I would vastly prefer to not have to run the upgrade again and I would really
> > >  >    like to use the old passwords. Is there a workaround? What changed?
> > > 
> > >  What changed was
> > >  [1]http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html
> > > 
> > >  It is also documented in docs/UPGRADING-3.8
> > > 
> > >  It sounds like you have an extension somewhere that clobbers the new
> > >  password checking routine.  It also sounds like you missed some parts
> > >  of the upgrade.
> > > 
> > >  -kevin
> > > 
> > >  >    On Mon, 2011-06-06 at 09:29 -0400, Joshua Knarr wrote:
> > >  >
> > >  >      I am upgrading from RT 3.4.5 to RT 4.
> > >  >
> > >  >      I read the docs and stopped at 3.8, did the schema stuff, and then continued to 4 per the
> > >  >      instructions for upgrading mysql also.
> > >  >
> > >  >      On the new system it runs for a few hours just fine, but then suddenly everyones account
> > >  >      gets locked.
> > >  >
> > >  >      I restarted the services, I checked my configs, I'm coming up empty. What went wrong or
> > >  >      where should I be looking?
> > > 
> > >    --
> > >    Joshua Knarr
> > >    Systems Engineer
> > >    GSI Commerce, Inc.  [2]http://www.gsicommerce.com
> > >    E-Mail: [3]knarrj at gsicommerce.com
> > >    Office: 610-491-7110
> > >    Mobile: 484-636-7371
> > > 
> > >    The information contained in this electronic mail transmission is intended only for the use of
> > >    the individual or entity named in this transmission. If you are not the intended recipient of
> > >    this transmission, you are hereby notified that any disclosure, copying or distribution of the
> > >    contents of this transmission is strictly prohibited and that you should delete the contents
> > >    of this transmission from your system immediately. Any comments or statements contained in
> > >    this transmission do not necessarily reflect the views or position of GSI Commerce, Inc. or
> > >    its subsidiaries and/or affiliates.
> > > 
> > > References
> > > 
> > >    Visible links
> > >    1. http://lists.bestpractical.com/pipermail/rt-announce/2011-January/000185.html
> > >    2. http://www.gsicommerce.com/
> > >    3. mailto:hellerk at gsicommerce.com
> 
> 
> -- 
> Joshua Knarr
> Systems Engineer
> GSI Commerce, Inc.  http://www.gsicommerce.com
> E-Mail: knarrj at gsicommerce.com
> Office: 610-491-7110
> Mobile: 484-636-7371
> 
> The information contained in this electronic mail transmission is
> intended only for the use of the individual or entity named in this
> transmission. If you are not the intended recipient of this
> transmission, you are hereby notified that any disclosure, copying or
> distribution of the contents of this transmission is strictly prohibited
> and that you should delete the contents of this transmission from your
> system immediately. Any comments or statements contained in this
> transmission do not necessarily reflect the views or position of GSI
> Commerce, Inc. or its subsidiaries and/or affiliates.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20110607/a2f7e8dc/attachment.sig>


More information about the rt-users mailing list