From: Dave I. <dav...@en...> - 2007-04-25 18:19:58
That URL returned a file not found error, so I downloaded the latest dev version (1.343) and took the miniserv.pl from that package, updated it accordingly, and restarted.

Nope, the problem still occurs. I did notice that now to recreate the problem repeatedly I have to change the page I am on before logging out. For example, click on the Servers tab, logout, reproduce, click on the System tab, logout, reproduce, click on the Networking tab, logout, reproduce, etc etc.

Thanks

Dave I

-----Original Message-----
From: web...@li... [mailto:web...@li...] On Behalf Of Jamie Cameron
Sent: Wednesday, April 25, 2007 12:59 PM
To: Webmin users list
Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM authentication problem

Hi Dave,

Hmm, perhaps I made some other miniserv.pl changes since 1.340 that also contributed to this fix. You can get the latest version from http://fudu.webmin.com/miniserv.pl. You'll need to fix up the #! line at the top after copying it into place, and of course restart Webmin..

- Jamie

On 25/Apr/2007 06:49 Dave Isaacs wrote ..
> Ummmm, I made the change that you suggested (I cut and pasted the
> corrected lines from your email), restarted Webmin, and it had no
> effect whatsoever. I am still able to reproduce the problem as described.
>
> Thanks
>
> Dave I
>
> -----Original Message-----
> From: web...@li...
> [mailto:web...@li...] On Behalf Of Jamie Cameron
> Sent: Tuesday, April 24, 2007 9:40 PM
> To: Webmin users list
> Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM
> authentication problem
>
> Hi Dave,
> Thanks for the detailed list of steps to re-produce this - I found the
> problem by following them, and will include a fix in the next Webmin
> release.
> Or if you don't want to wait, you can edit miniserv.pl and change the
> lines :
>
> $ENV{"REMOTE_USER"} = $authuser if (defined($authuser));
> $ENV{"BASE_REMOTE_USER"} = $baseauthuser if ($authuser ne $baseauthuser);
>
> to :
>
> $ENV{"REMOTE_USER"} = $authuser;
> $ENV{"BASE_REMOTE_USER"} = $authuser ne $baseauthuser ? $baseauthuser : undef;
>
> - Jamie
>
> On 24/Apr/2007 13:43 Dave Isaacs wrote ..
> > I appear to have reproduced this issue without using my custom theme
> > or a special PAM library.
> >
> > The steps to reproduce:
> >
> > (1) Install Webmin 1.330. On my setup, Webmin is configured to use SSL
> > connections only.
> > (2) Login as root and go to the Webmin Configuration -> Authentication
> > module.
> > (3) Turn on Full PAM Conversations and save.
> > (4) Go to the Webmin Configuration -> Webmin Themes
> > (5) Change to the MSC Linux Theme and save.
> > (6) Click on the System tab.
> > (7) Click on the Logout link.
> > (8) When prompted for the username, enter root and click Continue.
> > (9) The page that prompts for the password appears, somewhat messed up.
> >
> > At this point, you may be on a page that appears as in the following
> > screen shot: http://khendron.com/sandbox/login_problem.gif. Note
> > that even though you are not logged in, the theme appears to think
> > you are logged in and displays the tabs across the top of the page.
> > I also edited the MSC Linux Theme files to display the value of
> > $remote_user, and at this point $remote_user is set to "root".
> >
> > Step (6) is important. You don't have to click on the System tab
> > specifically. The idea is that you have to *not* be on the home URL
> > of the webmin server. If you are on https://servername:10000 the problem
> > will not occur, but if you are on
> > https://servername:10000/some_page_or_module the problem will occur.
> > Perhaps the login process is trying to redirect to the referrer page
> > before the login is complete?
> >
> > Interestingly, the problem will occur only once. If you recreate the
> > problem, complete the login and then pick it up again at step (6),
> > the problem will not reoccur. But if you clear the browser cache and
> > then pick it up at step (6), the problem will reoccur (On my custom
> > theme, the problem occurs every single time, regardless of caching).
> > Note I've reproduced this using IE7 and FF2.
> >
> > I hope you are able to repeat this issue. I am totally scratching my
> > head on it and need some assistance.
> >
> > Thanks
> >
> > Dave I
> >
> > -----Original Message-----
> > From: web...@li...
> > [mailto:web...@li...] On Behalf Of Dave Isaacs
> > Sent: Tuesday, April 24, 2007 6:59 AM
> > To: Webmin users list
> > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM
> > authentication problem
> >
> > Though not included in the setup I described, we plan on extending
> > the Webmin login to include 2-factor authentication. This will require
> > full PAM conversations.
> >
> > There have been reports of similar behaviour, dating back to before
> > pam conversations was turned on, that occurred after a session
> > timeout. The resulting login page (which prompted for username and
> > password) also contained the "You are logged in ..." message. That
> > bug reports was using version 1.290. We are currently running 1.330.
> >
> > I will continue debugging. Are there any specific places I should
> > look at in miniserv.pl?
> >
> > Thanks
> >
> > Dave I
> >
> > -----Original Message-----
> > From: web...@li...
> > [mailto:web...@li...]
> > On Behalf Of Jamie Cameron
> > Sent: Tuesday, April 24, 2007 12:44 AM
> > To: Webmin users list
> > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM
> > authentication problem
> >
> > On 23/Apr/2007 14:37 Dave Isaacs wrote ..
> > > My apologies for the long description that follows. I am having a
> > > most peculiar problem and need to describe the setup in detail in
> > > order to make any sense whatsoever.
> > >
> > > I have a custom Webmin theme that, among other things, displays
> > > a string in the header of each page "You are logged in to
> > > HOSTNAME as USERNAME" where HOSTNAME and USERNAME are the hostname
> > > of the Webmin server and name of the logged in user, respectively.
> > >
> > > The USERNAME string I am getting from the $remote_user global
> > > variable.
> > >
> > > Also, I am using Full PAM Conversations, so when logging in,
> > > instead of a single form with Username and Password, logging in
> > > requires 2 pages. One for the Username and one for the Password.
> > > The "You are logged in ..." string is suppressed when $remote_user
> > > is empty, to avoid displaying the message when you are logging in.
> > >
> > > Here's the problem:
> > > Sometimes (not all the time), if I log out as one user and then
> > > log in immediately as another user, something odd occurs. Let's
> > > assume I am logged in as User1, and want to log in as User2. I
> > > click the Logout link, and get the page that prompts for the
> > > username. I enter User2 and click Continue. The next page prompts
> > > for the password, but it also displays the string "You are logged
> > > in ... as User1." So halfway through the process of logging in as
> > > User2, I am seeing $remote_user being equal to "User1".
> > >
> > > I have no idea why this is occurring, but I think there are larger
> > > ramifications to the issue because often (again not always) after
> > > this occurs, miniserv.pl starts failing completely when logging in
> > > and will start returning "403 Login failed" after entering the
> > > username. At this point the only solution I have is to shell into
> > > the box and restart Webmin.
> > >
> > > Thanks
> > >
> > > Dave Isaacs
> > >
> > > Oh yeah, this is running on Red Hat EL4, and I have specified the
> > > pam_radius_auth.so PAM library in /etc/pam.d/webmin. It all works
> > > fine, except for this periodic problem.
> >
> > Hi Dave,
> >
> > This definitely looks like a Webmin bug, but I couldn't see anything
> > in the code that could trigger it .. except perhaps incorrect
> > caching of the PAM login page in the browser.
> >
> > I'm curious about why you enabled the full PAM conversations feature
> > though - typically this is only needed if your PAM setup asks for
> > more than a username and password. Is this the case on your system?
> > If not, you could try turning it off..
> >
> > - Jamie
> >
> > ----------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > -
> > Forwarded by the Webmin mailing list at web...@li...
> > To remove yourself from this list, go to
> > http://lists.sourceforge.net/lists/listinfo/webadmin-list
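
The two forms of the miniserv.pl lines quoted in this thread differ in whether a request with no authenticated user clears the values left by an earlier request; the script below runs both forms over the same request sequence. It is an added example, not code from the thread or from Webmin: `%env` is a plain hash assumed to persist between requests, and the sub names and request data are constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration; not code from miniserv.pl or from the thread.
# Assumptions: %env is a plain hash standing in for an environment that
# outlives a single request, the sub names are hypothetical, and the
# request list is constructed sample data.
use strict;
use warnings;

# Helper (hypothetical): string comparison that treats undef as empty.
sub differs {
    my ($x, $y) = @_;
    return (($x // '') ne ($y // ''));
}

# Conditional form: writes only when there is a value, never clears.
sub set_conditional {
    my ($env, $authuser, $baseauthuser) = @_;
    $env->{REMOTE_USER} = $authuser if defined $authuser;
    $env->{BASE_REMOTE_USER} = $baseauthuser
        if differs($authuser, $baseauthuser);
}

# Unconditional form: every request overwrites both keys, so "no user"
# replaces whatever the previous request left behind.
sub set_unconditional {
    my ($env, $authuser, $baseauthuser) = @_;
    $env->{REMOTE_USER} = $authuser;
    $env->{BASE_REMOTE_USER} =
        differs($authuser, $baseauthuser) ? $baseauthuser : undef;
}

# Constructed requests: [label, authuser, baseauthuser]
my @requests = (
    [ 'authuser differs from base', 'User2', 'User1' ],
    [ 'authuser equals base',       'User2', 'User2' ],
    [ 'no authenticated user',      undef,   undef   ],
);

for my $form ([ conditional   => \&set_conditional ],
              [ unconditional => \&set_unconditional ]) {
    my ($name, $setter) = @$form;
    my %env;    # shared by all requests handled with this form
    for my $req (@requests) {
        my ($label, $authuser, $baseauthuser) = @$req;
        $setter->(\%env, $authuser, $baseauthuser);
        printf "%-13s | %-27s | REMOTE_USER=%-6s BASE_REMOTE_USER=%s\n",
            $name, $label,
            $env{REMOTE_USER} // '(none)', $env{BASE_REMOTE_USER} // '(none)';
    }
}
```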