Hi Jonathan, (posted inline for reference)
>Hello Keith, >On Friday, January 24, 2003, Keith Mastin wrote... > >> Since the discussions around plugins earlier, I took a closer look, >> and found a couple things that don't work the way they should... > >> SM 1.2.10 >> Apache 1.3.27.2 w/ openssl-0.9.6b-28 and mod_auth_pam-1.1.1 >> Login Auth v.1.1 >> Administrator-1.1 > >> Users login to the (ssl-enabled) site and then select the SM link >> where they would normally login. When login_auth is enabled, they >> get the Unknown user or password incorrect error. Of course, this is >> substantially a worse PITA than entering the username/passwd pair >> twice, which this plugin was designed to circumvent. > >I've not used login_auth, but it could be possible that it hasn't been >'fixed' to work with the register_globals setting in your php.ini file >being set to Off. If this is the case, then values it is expecting are >no longer 'there', but you have to manually fetch them from specific >locations. I could take a quick look at this later if you'd like. hmmm.. I may have a problem then, because register_globals is On in php.ini >> The Administrator's window has a message at the bottom: "Config file >> can't be opened. Please check config.php." My guess that this is a >> permissions error, because when I change the permissions to 0777, >> the message goes away and changes take effect. The documentation for >> the plugin suggest to change the permissions to 0660, but when that >> happens then the Administrator link isn't listed on the options >> page. > >Yes... you'd be right. It is a permissions and ownership problem. If >you're going to set the file permission to 0660 the file must be owned >(group, and user) by the webserver. For example, if your apache runs >as the user apached and the group as www-data, then the permissions >should be something like this: > >-rw-rw---- 1 apached www-data 6704 Jan 13 23:44 config.php > I tried that and it didn't work here, but I did get it working with a slight variance. Apache has Owner apache and Group shadow-readers (necessary to use mod_auth_pam on Redhat-7.3 with Apache-1.2.27-2) from /etc/passwd: apache:x:48:2002:Apache:/var/www:/bin/false from /etc/group: shadow-readers:x:2002:keith.mastin Administrator was working with these perms: [root@mail webmail]# ll config/config.php -rwxrwxrwx 1 keith.ma apache 5911 Jan 24 16:34 config/config.php [root@mail webmail]# chown apache:apache config/config.php and didn't work with these ones (at least, not in the order they appear here): [tested every line] [root@mail webmail]# chmod 0660 config/config.php [root@mail webmail]# chown apache:shadow-readers config/config.php [root@mail webmail]# chown apache:apache config/config.php [root@mail webmail]# chmod 0770 config/config.php [root@mail webmail]# chmod 0777 config/config.php it does work after changing the ownership to user keith.mastin and group shadow-readers: [root@mail webmail]# chown keith.mastin:shadow-readers config/config.php [root@mail webmail]# chmod 0660 config/config.php [root@mail webmail]# ll config/config.php -rw-rw---- 1 keith.ma shadow-r 5911 Jan 25 13:16 config/config.php <snip> Thanks for the input. Much appreciated. ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com -- squirrelmail-users mailing list List Address: [EMAIL PROTECTED] List Archives: http://sourceforge.net/mailarchive/forum.php?forum_id=2995 List Info: https://lists.sourceforge.net/lists/listinfo/squirrelmail-users
