Re: [rt-users] Passwords not working after upgrade to rt-4.0.8
Thomas, Just incase this helps you in the diagnoses . I managed to changed my user password via perl script and rt api. Managed to login and change my password from web ui, logout then in again ..still works Changed root password , then logged in as root and it worked. Password hash now looks better: !sha512!KKxW98Esg+bVXzfM!aWfTpkuRONLZaGwSFApCqXwS8nAlLshdeDLfhb0aV/2he4Hp7Gwu3eqkcx9PgA+CR2QESSuAMvGwNH2BplVZGQ So we know the database schema changes have been applied I checked if this isolated to my user and root , quick look in the Users table: mysql> select count(*) from Users where length(Password) > 42 ; +--+ | count(*) | +--+ |3 | +--+ These 3 accounts are my user root and an account I created today. But I am left with: mysql> select count(*) from Users where Password != '*NO-PASSWORD*' and length(Password) < 43 ; +--+ | count(*) | +--+ | 2343 | +--+ Any pointers?? Roy Visit our website today www.daisygroupplc.com Registered Office: Daisy House, Lindred Road Business Park, Nelson, Lancashire BB9 5SR Company Registration Number: 4145329 | VAT Number: 722471355 Daisy Communications Limited is a company registered in England and Wales. DISCLAIMER This email (including any attachments) is strictly confidential and may also be legally privileged. If the recipient has received this email in error please notify the sender and do not read, print, re-transmit, store or act in reliance on the email or its attachments and immediately delete this email and its attachments from the recipient’s system. Daisy Communications Limited cannot accept liability for any breaches of confidence arising through use of email. Employees of Daisy Communications Limited are expressly required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by email communications. Any such communication is contrary to the company’s policy and outside the scope of the employment of the individual concerned. Daisy Communications Limited will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liability arising. If you are the intended recipient of this email please ensure that neither the email nor any attachments are copied to third parties outside your organisation or saved without the written permission of the sender. In the event of any unauthorised copying or forwarding, the recipient will be required to indemnify Daisy Communications Limited against any claim for loss or damage caused by any viruses or otherwise. WARNING: Computer viruses can be transmitted by email. The recipient should check this email and any attachments for the presence of viruses. Daisy Communications Limited accepts no liability for any damage caused by any virus transmitted by this email or any attachments. NOTICE TO CUSTOMERS If you have ordered a telephone number from Daisy Communications Limited (non-geographic or new line installation) please do NOT arrange for any form of advertising until the number is live and tested. -Original Message- From: rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] On Behalf Of Raed El-Hames Sent: 31 January 2013 11:11 To: Thomas Sibley; rt-users@lists.bestpractical.com Subject: Re: [rt-users] Passwords not working after upgrade to rt-4.0.8 Hi Thomas, Thanks for your response. There is nothing in my local/lib (no local changes applied yet): [root@rt-dev lib]# pwd /opt/rt4/local/lib [root@rt-dev lib]# ls -al total 8 drwxr-xr-x 2 root root 4096 Jan 7 15:35 . drwxr-xr-x 7 root root 4096 Jan 7 15:35 .. My User.pm is attached (please note I have made any changes there either). Regards; Roy Visit our website today www.daisygroupplc.com Registered Office: Daisy House, Lindred Road Business Park, Nelson, Lancashire BB9 5SR Company Registration Number: 4145329 | VAT Number: 722471355 Daisy Communications Limited is a company registered in England and Wales. DISCLAIMER This email (including any attachments) is strictly confidential and may also be legally privileged. If the recipient has received this email in error please notify the sender and do not read, print, re-transmit, store or act in reliance on the email or its attachments and immediately delete this email and its attachments from the recipient’s system. Daisy Communications Limited cannot accept liability for any breaches of confidence arising through use of email. Employees of Daisy Communications Limited are expressly required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by email communications. Any such communication is contrary to the company’s policy and outside the scope of the employment of the individual concerned. Daisy Communica
Re: [rt-users] Passwords not working after upgrade to rt-4.0.8
On 01/30/2013 10:12 AM, Raed El-Hames wrote: > First of all apologies for the length of signature (I really can't do > anything about it). > I am in the process of upgrading my rt-3.8.7 to rt-4.0.8 , I followed all the > README and Upgrade docs. > I am installing into a clean rt4 directory, and only put in cosmetic > customisation . > [snip] > > My Users table: > | Users | CREATE TABLE `Users` ( > `id` int(11) NOT NULL AUTO_INCREMENT, > `Name` varchar(200) NOT NULL DEFAULT '', > `Password` varchar(256) DEFAULT NULL, > [snip] > > Also if its helps, the password entry for my user: > Password: !sha512!5B7CB45ok1NPS+Ig!LITc6RFH4wTOfqz Despite the longer column size, your password value is truncated. This is usually the result of an incomplete database upgrade that left the column length at 40. Can you reply with your /opt/rt4/lib/RT/User.pm and anything in /opt/rt4/local/lib/? Thomas
[rt-users] Passwords not working after upgrade to rt-4.0.8
Hi, First of all apologies for the length of signature (I really can't do anything about it). I am in the process of upgrading my rt-3.8.7 to rt-4.0.8 , I followed all the README and Upgrade docs. I am installing into a clean rt4 directory, and only put in cosmetic customisation . Ran make upgrade-database perl -I /opt/rt4/local/lib -I /opt/rt4/lib etc/upgrade/shrink_transactions_table.pl perl etc/upgrade/vulnerable-passwords --fix However now the root user and my user cannot login to the interface getting username or password incorrect error. I guess its all to do with vulnerable-passwords! I have seen few posts about this issue, but have n't seen a fix that applies to my situation, My Users table: | Users | CREATE TABLE `Users` ( `id` int(11) NOT NULL AUTO_INCREMENT, `Name` varchar(200) NOT NULL DEFAULT '', `Password` varchar(256) DEFAULT NULL, `Comments` text, `Signature` text, `EmailAddress` varchar(120) CHARACTER SET ascii DEFAULT NULL, `FreeformContactInfo` text, `Organization` varchar(200) DEFAULT NULL, `RealName` varchar(120) DEFAULT NULL, `NickName` varchar(16) DEFAULT NULL, `Lang` varchar(16) CHARACTER SET ascii DEFAULT NULL, `EmailEncoding` varchar(16) CHARACTER SET ascii DEFAULT NULL, `WebEncoding` varchar(16) CHARACTER SET ascii DEFAULT NULL, `ExternalContactInfoId` varchar(100) DEFAULT NULL, `ContactInfoSystem` varchar(30) DEFAULT NULL, `ExternalAuthId` varchar(100) DEFAULT NULL, `AuthSystem` varchar(30) DEFAULT NULL, `Gecos` varchar(16) DEFAULT NULL, `HomePhone` varchar(30) DEFAULT NULL, `WorkPhone` varchar(30) DEFAULT NULL, `MobilePhone` varchar(30) DEFAULT NULL, `PagerPhone` varchar(30) DEFAULT NULL, `Address1` varchar(200) DEFAULT NULL, `Address2` varchar(200) DEFAULT NULL, `City` varchar(100) DEFAULT NULL, `State` varchar(100) DEFAULT NULL, `Zip` varchar(16) DEFAULT NULL, `Country` varchar(50) DEFAULT NULL, `Timezone` varchar(50) CHARACTER SET ascii DEFAULT NULL, `PGPKey` blob, `Creator` int(11) NOT NULL DEFAULT '0', `Created` datetime DEFAULT NULL, `LastUpdatedBy` int(11) NOT NULL DEFAULT '0', `LastUpdated` datetime DEFAULT NULL, `AuthToken` varchar(16) CHARACTER SET ascii DEFAULT NULL, PRIMARY KEY (`id`), UNIQUE KEY `Users1` (`Name`), KEY `Users2` (`Name`), KEY `Users3` (`id`,`EmailAddress`), KEY `Users4` (`EmailAddress`) ) ENGINE=InnoDB AUTO_INCREMENT=12734800 DEFAULT CHARSET=utf8 | Also if its helps, the password entry for my user: Password: !sha512!5B7CB45ok1NPS+Ig!LITc6RFH4wTOfqz There is very little of any use in the log file (Logging and Statement log both set to 'debug'), and the only message I get is: [Wed Jan 30 17:25:43 2013] [error]: FAILED LOGIN for x from xx (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:739) The sql server is mysql Ver 14.14 Distrib 5.1.66 Any help will truly be appreciated. Regards; Roy Visit our website today www.daisygroupplc.com Registered Office: Daisy House, Lindred Road Business Park, Nelson, Lancashire BB9 5SR Company Registration Number: 4145329 | VAT Number: 722471355 Daisy Communications Limited is a company registered in England and Wales. DISCLAIMER This email (including any attachments) is strictly confidential and may also be legally privileged. If the recipient has received this email in error please notify the sender and do not read, print, re-transmit, store or act in reliance on the email or its attachments and immediately delete this email and its attachments from the recipient's system. Daisy Communications Limited cannot accept liability for any breaches of confidence arising through use of email. Employees of Daisy Communications Limited are expressly required not to make any defamatory statements and not to infringe or authorise any infringement of copyright or any other legal right by email communications. Any such communication is contrary to the company's policy and outside the scope of the employment of the individual concerned. Daisy Communications Limited will not accept any liability in respect of such a communication, and the employee responsible will be personally liable for any damages or other liability arising. If you are the intended recipient of this email please ensure that neither the email nor any attachments are copied to third parties outside your organisation or saved without the written permission of the sender. In the event of any unauthorised copying or forwarding, the recipient will be required to indemnify Daisy Communications Limited against any claim for loss or damage caused by any viruses or otherwise. WARNING: Computer viruses can be transmitted by email. The recipient should check this email and any attachments for the presence of viruses. Daisy Communications Limited accepts no liability for any damage caused by any virus transmitted by this email or any attachments. NOTICE TO CUSTOMERS If you have ordered a telephone number from Daisy Communications Limited (non-geograp