Menu
▾
▴
Re: [webmin-l] Peculiar custom theme problem, possible PAM authentication problem
|
From: Jamie C. <jca...@we...> - 2007-04-25 19:37:39
|
Try that URL again now .. the miniserv.pl in 1.343 doesn't include the fix. - Jamie On 25/Apr/2007 11:19 Dave Isaacs wrote .. > That URL returned a file not found error, so I downloaded the latest dev > version (1.343) and took the miniserv.pl from that package, updated it > accordingly, and restarted. > > Nope, the problem still occurs. I did notice that now to recreate the > problem repeatedly I have to change the page I am on before logging out. > For example, click on the Servers tab, logout, reproduce, click on the > System tab, logout, reproduce, click on the Networking tab, logout, > reproduce, etc etc. > > Thanks > > Dave I > > > > -----Original Message----- > From: web...@li... > [mailto:web...@li...] On Behalf Of Jamie > Cameron > Sent: Wednesday, April 25, 2007 12:59 PM > To: Webmin users list > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM > authentication problem > > Hi Dave, > Hmm, perhaps I made some other miniserv.pl changes since 1.340 that also > contributed to this fix. > > You can get the latest version from http://fudu.webmin.com/miniserv.pl. > You'll need to fix up the #! line at the top after copying it into > place, and of course restart Webmin.. > > - Jamie > > On 25/Apr/2007 06:49 Dave Isaacs wrote .. > > Ummmm, I made the change that you suggested (I cut and pasted the > > corrected lines from your email), restarted Webmin, and it had no > > effect whatsoever. I am still able to reproduce the problem as > described. > > > > Thanks > > > > Dave I > > > > -----Original Message----- > > From: web...@li... > > [mailto:web...@li...] On Behalf Of > > Jamie Cameron > > Sent: Tuesday, April 24, 2007 9:40 PM > > To: Webmin users list > > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM > > authentication problem > > > > Hi Dave, > > Thanks for the detailed list of steps to re-produce this - I found the > > > problem by following them, and will include a fix in the next Webmin > > release. > > Or if you don't want to wait, you can edit miniserv.pl and change the > > lines : > > > > $ENV{"REMOTE_USER"} = $authuser if (defined($authuser)); > > $ENV{"BASE_REMOTE_USER"} =$baseauthuser if ($authuser ne > > $baseauthuser); > > > > to : > > > > $ENV{"REMOTE_USER"} = $authuser; > > $ENV{"BASE_REMOTE_USER"} = $authuser ne $baseauthuser ? > > $baseauthuser : undef; > > > > - Jamie > > > > On 24/Apr/2007 13:43 Dave Isaacs wrote .. > > > I appear to have reproduced this issue without using my custom theme > > > > or a special PAM library. > > > > > > The steps to reproduce: > > > > > > (1) Install Webmin 1.330. On my setup, Webmin is configured to use > > > SSL > > > > > connections only. > > > (2) Login as root and go to the Webmin Configuration -> > > > Authentication > > > > > module. > > > (3) Turn on Full PAM Conversations and save. > > > (4) Go to the Webmin Configuration -> Webmin Themes > > > (5) Change to the MSC Linux Theme and save. > > > (6) Click on the System tab. > > > (7) Click on the Logout link. > > > (8) When prompted for the username, enter root and click Continue. > > > (9) The page that prompts for the password appears, somewhat messed > > up. > > > > > > At this point, you may be on a page that appears as in the following > > > > screen shot: http://khendron.com/sandbox/login_problem.gif. Note > > > that even though you are not logged in, the theme appears to think > > > you are logged in and displays the tabs across the top of the page. > > > I also edited the MSC Linux Theme files to display the value of > > > $remote_user, > > > > > and at this point $remote_user is set to "root". > > > > > > Step (6) is important. You don't have to click on the System tab > > > specifically. The idea is that you have to *not* be on the home URL > > > of > > > > > the webmin server. If you are https://servername:10000 the problem > > > will not occur, but if you are on > > > https://servername:10000/some_page_or_module the problem will occur. > > > Perhaps the login process is trying to redirect to the referrer page > > > > before the login is complete? > > > > > > Interestingly, the problem will occur only once. If you recreate the > > > > problem, complete the login and then pick it up again at step (6), > > > the > > > > > problem will not reoccur. But if you clear the browser cache and > > > then pick it up at step (6), then problem will reoccur (On my custom > > > > theme, > > > > > the problem occurs every single time, regardless of caching). Note > > > I've reproduced this using IE7 and FF2. > > > > > > I hope you are able to repeat this issue. I am totally scratching my > > > > head on it and need some assistance. > > > > > > Thanks > > > > > > Dave I > > > > > > -----Original Message----- > > > From: web...@li... > > > [mailto:web...@li...] On Behalf Of > > > Dave > > > > > Isaacs > > > Sent: Tuesday, April 24, 2007 6:59 AM > > > To: Webmin users list > > > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM > > > authentication problem > > > > > > Though not included in the setup I described, we plan on extending > > > the > > > > > Webmin login to include 2-factor authentication. This will require > > > full PAM conversations. > > > > > > There have been reports of similar behaviour, dating back to before > > > pam conversations was turned on, that occurred after a session > > > timeout. The resulting login page (which prompted for username and > > > password) also contained the "You are logged in ..." message. That > > > bug > > > > > reports was using version 1.290. We are currently running 1.330. > > > > > > I will continue debugging. Are there any specific places I should > > > look > > > > > at in miniserv.pl? > > > > > > Thanks > > > > > > Dave I > > > > > > -----Original Message----- > > > From: web...@li... > > > [mailto:web...@li...] On Behalf Of > > > Jamie Cameron > > > Sent: Tuesday, April 24, 2007 12:44 AM > > > To: Webmin users list > > > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM > > > authentication problem > > > > > > On 23/Apr/2007 14:37 Dave Isaacs wrote .. > > > > My apologies for the long description that follows. I am having a > > > > most > > > > > > > peculiar problem and need to describe the setup in detail in order > > > > > to make any sense whatsoever. > > > > > > > > I have a custom Webmin theme that, among other things, displays > > > > the a string in the header of each page "You are logged in to > > > > HOSTNAME as USERNAME" where HOSTNAME and USERNAME are the hostname > > > > > of the Webmin server and names of the logged in user, > respectively. > > > > > > > > The USERNAME string I am getting from the $remote_user global > > > variable. > > > > > > > > Also, I an using Full PAM Conversations, so when logging in, > > > > instead > > > > > > of a single form with Username and Password, logging in requires > 2 > > > pages. > > > > One for the Username and one of the Password. The "You are logged > > > > in > > > > > > ..." string is suppressed when $remote_user is empty, to avoid > > > > displaying the message when you are logging in. > > > > > > > > Here's the problem: > > > > Sometimes (not all the time), if I log out as one user and then > > > > log in > > > > > > > immediately as another user, something odd occurs. Let's assume I > > > > am > > > > > > logged in as User1, and want to log in as User2. I click the > > > > Logout link, and get the page that prompts for the username. I > > > > enter User2 and click Continue. The next page prompts for the > > > > password, but it also displays the string "You are logged in ... > > > > as User1." So halfway through the process of logging in as User2, > > > > I am seeing $remote_user being equal to "User1". > > > > > > > > I have no idea why this is occurring, but I think there are larger > > > > > ramifications to the issue because often (again not always) after > > > > this > > > > > > > occurs, miniserv.pl starts failing completely when logging in and > > > > will > > > > > > > start returning "403 Login failed" after entering the username. At > > > > > this point the only solution I have is to shell into the box and > > > > restart Webmin. > > > > > > > > Thanks > > > > > > > > Dave Isaacs > > > > > > > > Oh yeah, this is running on Red Hat EL4, and I have specified the > > > > pam_radius_auth.so PAM library in /etc/pam.d/webmin. It all works > > > > fine, except for this periodic problem. > > > > > > Hi Dave, > > > > > > This definately looks like a Webmin bug, but I couldn't see anything > > > > in the code that could trigger it .. except perhaps incorrect > > > caching of the PAM login page in the browser. > > > > > > I'm curious about why you enabled the full PAM conversations feature > > > > though - typically this is only needed if your PAM setup asks for > > > more > > > > > than a username and password. Is this the case on your system? If > > > not, > > > > > you could try turning it off.. > > > > > > - Jamie > > > > > > -------------------------------------------------------------------- > > > -- > > > -- > > > - > > > This SF.net email is sponsored by DB2 Express Download DB2 Express > C > > - > > > > > the FREE version of DB2 express and take control of your XML. No > > limits. > > > Just data. Click to get it now. > > > http://sourceforge.net/powerbar/db2/ > > > - > > > Forwarded by the Webmin mailing list at > > > web...@li... > > > To remove yourself from this list, go to > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > > > -------------------------------------------------------------------- > > > -- > > > -- > > > - > > > This SF.net email is sponsored by DB2 Express Download DB2 Express > C > > - > > > > > the FREE version of DB2 express and take control of your XML. No > > limits. > > > Just data. Click to get it now. > > > http://sourceforge.net/powerbar/db2/ > > > - > > > Forwarded by the Webmin mailing list at > > > web...@li... > > > To remove yourself from this list, go to > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > > > -------------------------------------------------------------------- > > > -- > > > --- This SF.net email is sponsored by DB2 Express Download DB2 > > > Express > > > > > C - the FREE version of DB2 express and take control of your XML. No > > > > limits. Just data. Click to get it now. > > > http://sourceforge.net/powerbar/db2/ > > > - > > > Forwarded by the Webmin mailing list at > > > web...@li... > > > To remove yourself from this list, go to > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > ---------------------------------------------------------------------- > > -- > > - > > This SF.net email is sponsored by DB2 Express Download DB2 Express C > - > > > the FREE version of DB2 express and take control of your XML. No > limits. > > Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > - > > Forwarded by the Webmin mailing list at > > web...@li... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > > > ---------------------------------------------------------------------- > > --- This SF.net email is sponsored by DB2 Express Download DB2 Express > > > C - the FREE version of DB2 express and take control of your XML. No > > limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > - > > Forwarded by the Webmin mailing list at > > web...@li... > > To remove yourself from this list, go to > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > ------------------------------------------------------------------------ > - > This SF.net email is sponsored by DB2 Express Download DB2 Express C - > the FREE version of DB2 express and take control of your XML. No limits. > Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > - > Forwarded by the Webmin mailing list at > web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > ------------------------------------------------------------------------- > This SF.net email is sponsored by DB2 Express > Download DB2 Express C - the FREE version of DB2 express and take > control of your XML. No limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > - > Forwarded by the Webmin mailing list at web...@li... > To remove yourself from this list, go to > http://lists.sourceforge.net/lists/listinfo/webadmin-list |
