Debian 5.0 upgraded fixed a session fixation vulnerability on December 1, 2009 (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=559020). It seems that when this happened, my installation now requires unprivileged users to log in twice. At the first login, the username and password fields are cleared and nothing seems to have happened. Put in the username and password a second time and the user is logged in. Sometimes if I try to log in as an unprivileged user, get put back to the login screen, then login as a privileged user, I get logged in with diminished privileges. Would someone please tell me what's going on? Maybe now would be a good time to upgrade to 3.8?
-- David Griffith [email protected] A: Because it fouls the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail? _______________________________________________ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [email protected] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
