Menu
▾
▴
Re: [webmin-l] Peculiar custom theme problem, possible PAM authentication problem
|
From: Dave I. <dav...@en...> - 2007-04-27 13:43:42
|
I downloaded your new file and tried it out, but it made no difference. I can still reproduce the problem as originally described. Dave I -----Original Message----- From: web...@li... [mailto:web...@li...] On Behalf Of Jamie Cameron Sent: Wednesday, April 25, 2007 3:38 PM To: Webmin users list Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM authentication problem Try that URL again now .. the miniserv.pl in 1.343 doesn't include the fix. - Jamie On 25/Apr/2007 11:19 Dave Isaacs wrote .. > That URL returned a file not found error, so I downloaded the latest=20 > dev version (1.343) and took the miniserv.pl from that package,=20 > updated it accordingly, and restarted. >=20 > Nope, the problem still occurs. I did notice that now to recreate the=20 > problem repeatedly I have to change the page I am on before logging out. > For example, click on the Servers tab, logout, reproduce, click on the > System tab, logout, reproduce, click on the Networking tab, logout,=20 > reproduce, etc etc. >=20 > Thanks >=20 > Dave I >=20 > =20 >=20 > -----Original Message----- > From: web...@li... > [mailto:web...@li...] On Behalf Of=20 > Jamie Cameron > Sent: Wednesday, April 25, 2007 12:59 PM > To: Webmin users list > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM=20 > authentication problem >=20 > Hi Dave, > Hmm, perhaps I made some other miniserv.pl changes since 1.340 that=20 > also contributed to this fix. >=20 > You can get the latest version from http://fudu.webmin.com/miniserv.pl. > You'll need to fix up the #! line at the top after copying it into=20 > place, and of course restart Webmin.. >=20 > - Jamie >=20 > On 25/Apr/2007 06:49 Dave Isaacs wrote .. > > Ummmm, I made the change that you suggested (I cut and pasted the=20 > > corrected lines from your email), restarted Webmin, and it had no=20 > > effect whatsoever. I am still able to reproduce the problem as > described. > >=20 > > Thanks > >=20 > > Dave I > >=20 > > -----Original Message----- > > From: web...@li... > > [mailto:web...@li...] On Behalf Of=20 > > Jamie Cameron > > Sent: Tuesday, April 24, 2007 9:40 PM > > To: Webmin users list > > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM=20 > > authentication problem > >=20 > > Hi Dave, > > Thanks for the detailed list of steps to re-produce this - I found=20 > > the >=20 > > problem by following them, and will include a fix in the next Webmin > > release. > > Or if you don't want to wait, you can edit miniserv.pl and change=20 > > the lines : > >=20 > > $ENV{"REMOTE_USER"} =3D $authuser if (defined($authuser)); > > $ENV{"BASE_REMOTE_USER"} =3D$baseauthuser if ($authuser ne=20 > > $baseauthuser); > >=20 > > to : > >=20 > > $ENV{"REMOTE_USER"} =3D $authuser; > > $ENV{"BASE_REMOTE_USER"} =3D $authuser ne $baseauthuser ? > > $baseauthuser : undef; > >=20 > > - Jamie > >=20 > > On 24/Apr/2007 13:43 Dave Isaacs wrote .. > > > I appear to have reproduced this issue without using my custom=20 > > > theme >=20 > > > or a special PAM library. > > >=20 > > > The steps to reproduce: > > >=20 > > > (1) Install Webmin 1.330. On my setup, Webmin is configured to use > > > SSL > >=20 > > > connections only. > > > (2) Login as root and go to the Webmin Configuration ->=20 > > > Authentication > >=20 > > > module. > > > (3) Turn on Full PAM Conversations and save. > > > (4) Go to the Webmin Configuration -> Webmin Themes > > > (5) Change to the MSC Linux Theme and save. > > > (6) Click on the System tab. > > > (7) Click on the Logout link. > > > (8) When prompted for the username, enter root and click Continue. > > > (9) The page that prompts for the password appears, somewhat=20 > > > messed > > up. > > >=20 > > > At this point, you may be on a page that appears as in the=20 > > > following >=20 > > > screen shot: http://khendron.com/sandbox/login_problem.gif. Note=20 > > > that even though you are not logged in, the theme appears to think > > > you are logged in and displays the tabs across the top of the page. > > > I also edited the MSC Linux Theme files to display the value of=20 > > > $remote_user, > >=20 > > > and at this point $remote_user is set to "root". > > >=20 > > > Step (6) is important. You don't have to click on the System tab=20 > > > specifically. The idea is that you have to *not* be on the home=20 > > > URL of > >=20 > > > the webmin server. If you are https://servername:10000 the problem > > > will not occur, but if you are on=20 > > > https://servername:10000/some_page_or_module the problem will occur. > > > Perhaps the login process is trying to redirect to the referrer=20 > > > page >=20 > > > before the login is complete? > > >=20 > > > Interestingly, the problem will occur only once. If you recreate=20 > > > the >=20 > > > problem, complete the login and then pick it up again at step (6), > > > the > >=20 > > > problem will not reoccur. But if you clear the browser cache and=20 > > > then pick it up at step (6), then problem will reoccur (On my=20 > > > custom >=20 > > > theme, > >=20 > > > the problem occurs every single time, regardless of caching). Note > > > I've reproduced this using IE7 and FF2. > > >=20 > > > I hope you are able to repeat this issue. I am totally scratching=20 > > > my >=20 > > > head on it and need some assistance. > > >=20 > > > Thanks > > >=20 > > > Dave I > > >=20 > > > -----Original Message----- > > > From: web...@li... > > > [mailto:web...@li...] On Behalf Of=20 > > > Dave > >=20 > > > Isaacs > > > Sent: Tuesday, April 24, 2007 6:59 AM > > > To: Webmin users list > > > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM > > > authentication problem > > >=20 > > > Though not included in the setup I described, we plan on extending > > > the > >=20 > > > Webmin login to include 2-factor authentication. This will require > > > full PAM conversations. > > >=20 > > > There have been reports of similar behaviour, dating back to=20 > > > before pam conversations was turned on, that occurred after a=20 > > > session timeout. The resulting login page (which prompted for=20 > > > username and > > > password) also contained the "You are logged in ..." message. That > > > bug > >=20 > > > reports was using version 1.290. We are currently running 1.330. > > >=20 > > > I will continue debugging. Are there any specific places I should=20 > > > look > >=20 > > > at in miniserv.pl? > > >=20 > > > Thanks > > >=20 > > > Dave I > > >=20 > > > -----Original Message----- > > > From: web...@li... > > > [mailto:web...@li...] On Behalf Of=20 > > > Jamie Cameron > > > Sent: Tuesday, April 24, 2007 12:44 AM > > > To: Webmin users list > > > Subject: Re: [webmin-l] Peculiar custom theme problem,possible PAM > > > authentication problem > > >=20 > > > On 23/Apr/2007 14:37 Dave Isaacs wrote .. > > > > My apologies for the long description that follows. I am having=20 > > > > a most > > >=20 > > > > peculiar problem and need to describe the setup in detail in=20 > > > > order >=20 > > > > to make any sense whatsoever. > > > >=20 > > > > I have a custom Webmin theme that, among other things, displays=20 > > > > the a string in the header of each page "You are logged in to=20 > > > > HOSTNAME as USERNAME" where HOSTNAME and USERNAME are the=20 > > > > hostname >=20 > > > > of the Webmin server and names of the logged in user, > respectively. > > > >=20 > > > > The USERNAME string I am getting from the $remote_user global > > > variable. > > > >=20 > > > > Also, I an using Full PAM Conversations, so when logging in,=20 > > > > instead > >=20 > > > > of a single form with Username and Password, logging in requires > 2 > > > pages. > > > > One for the Username and one of the Password. The "You are=20 > > > > logged in > >=20 > > > > ..." string is suppressed when $remote_user is empty, to avoid=20 > > > > displaying the message when you are logging in. > > > >=20 > > > > Here's the problem: > > > > Sometimes (not all the time), if I log out as one user and then=20 > > > > log in > > >=20 > > > > immediately as another user, something odd occurs. Let's assume=20 > > > > I am > >=20 > > > > logged in as User1, and want to log in as User2. I click the=20 > > > > Logout link, and get the page that prompts for the username. I=20 > > > > enter User2 and click Continue. The next page prompts for the=20 > > > > password, but it also displays the string "You are logged in ... > > > > as User1." So halfway through the process of logging in as=20 > > > > User2, I am seeing $remote_user being equal to "User1". > > > >=20 > > > > I have no idea why this is occurring, but I think there are=20 > > > > larger >=20 > > > > ramifications to the issue because often (again not always)=20 > > > > after this > > >=20 > > > > occurs, miniserv.pl starts failing completely when logging in=20 > > > > and will > > >=20 > > > > start returning "403 Login failed" after entering the username.=20 > > > > At >=20 > > > > this point the only solution I have is to shell into the box and > > > > restart Webmin. > > > >=20 > > > > Thanks > > > >=20 > > > > Dave Isaacs > > > >=20 > > > > Oh yeah, this is running on Red Hat EL4, and I have specified=20 > > > > the pam_radius_auth.so PAM library in /etc/pam.d/webmin. It all=20 > > > > works fine, except for this periodic problem. > > >=20 > > > Hi Dave, > > >=20 > > > This definately looks like a Webmin bug, but I couldn't see=20 > > > anything >=20 > > > in the code that could trigger it .. except perhaps incorrect=20 > > > caching of the PAM login page in the browser. > > >=20 > > > I'm curious about why you enabled the full PAM conversations=20 > > > feature >=20 > > > though - typically this is only needed if your PAM setup asks for=20 > > > more > >=20 > > > than a username and password. Is this the case on your system? If=20 > > > not, > >=20 > > > you could try turning it off.. > > >=20 > > > - Jamie > > >=20 > > > ------------------------------------------------------------------ > > > -- > > > -- > > > -- > > > - > > > This SF.net email is sponsored by DB2 Express Download DB2 Express > C > > - > >=20 > > > the FREE version of DB2 express and take control of your XML. No > > limits. > > > Just data. Click to get it now. > > > http://sourceforge.net/powerbar/db2/ > > > - > > > Forwarded by the Webmin mailing list at=20 > > > web...@li... > > > To remove yourself from this list, go to=20 > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > >=20 > > > ------------------------------------------------------------------ > > > -- > > > -- > > > -- > > > - > > > This SF.net email is sponsored by DB2 Express Download DB2 Express > C > > - > >=20 > > > the FREE version of DB2 express and take control of your XML. No > > limits. > > > Just data. Click to get it now. > > > http://sourceforge.net/powerbar/db2/ > > > - > > > Forwarded by the Webmin mailing list at=20 > > > web...@li... > > > To remove yourself from this list, go to=20 > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > > >=20 > > > ------------------------------------------------------------------ > > > -- > > > -- > > > --- This SF.net email is sponsored by DB2 Express Download DB2=20 > > > Express > >=20 > > > C - the FREE version of DB2 express and take control of your XML.=20 > > > No >=20 > > > limits. Just data. Click to get it now. > > > http://sourceforge.net/powerbar/db2/ > > > - > > > Forwarded by the Webmin mailing list at=20 > > > web...@li... > > > To remove yourself from this list, go to=20 > > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > >=20 > > -------------------------------------------------------------------- > > -- > > -- > > - > > This SF.net email is sponsored by DB2 Express Download DB2 Express C > - >=20 > > the FREE version of DB2 express and take control of your XML. No > limits. > > Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > - > > Forwarded by the Webmin mailing list at=20 > > web...@li... > > To remove yourself from this list, go to=20 > > http://lists.sourceforge.net/lists/listinfo/webadmin-list > >=20 > > -------------------------------------------------------------------- > > -- > > --- This SF.net email is sponsored by DB2 Express Download DB2=20 > > Express >=20 > > C - the FREE version of DB2 express and take control of your XML. No > > limits. Just data. Click to get it now. > > http://sourceforge.net/powerbar/db2/ > > - > > Forwarded by the Webmin mailing list at=20 > > web...@li... > > To remove yourself from this list, go to=20 > > http://lists.sourceforge.net/lists/listinfo/webadmin-list >=20 > ---------------------------------------------------------------------- > -- > - > This SF.net email is sponsored by DB2 Express Download DB2 Express C - > the FREE version of DB2 express and take control of your XML. No limits. > Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > - > Forwarded by the Webmin mailing list at=20 > web...@li... > To remove yourself from this list, go to=20 > http://lists.sourceforge.net/lists/listinfo/webadmin-list >=20 > ---------------------------------------------------------------------- > --- This SF.net email is sponsored by DB2 Express Download DB2 Express > C - the FREE version of DB2 express and take control of your XML. No=20 > limits. Just data. Click to get it now. > http://sourceforge.net/powerbar/db2/ > - > Forwarded by the Webmin mailing list at=20 > web...@li... > To remove yourself from this list, go to=20 > http://lists.sourceforge.net/lists/listinfo/webadmin-list ------------------------------------------------------------------------ - This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ - Forwarded by the Webmin mailing list at web...@li... To remove yourself from this list, go to http://lists.sourceforge.net/lists/listinfo/webadmin-list |
