On Wed, Dec 09, 2009 at 04:49:14PM -0500, Kevin Falcone wrote:
> On Wed, Dec 09, 2009 at 12:26:53PM -0800, David Griffith wrote:
> > On Wed, 9 Dec 2009, Kevin Falcone wrote:
> >
> > > On Wed, Dec 09, 2009 at 11:40:32AM -0800, David Griffith wrote:
> > >> Go to http://foobar.com/rt and you see the RT login screen. Login as an
> > >> unprivileged user (Alice). The username and password field will blank
> > >> out. Type in Alice's username and password again, and you'll be logged
> > >> in as Alice. That's the first part of the bug.
> > >
> > > What happens at http://foobar.com/rt/ vs /rt
> > > Also, what is your URL after the initial failed login?
> >
> > Trailing slash makes no difference. The URL after initial failed login is
> > http://foobar.com/rt/SelfService/
> >
> > >> The second part is when you type in the username-password the second
> > >> time. If at that point you attempt to log in as a privileged user,
> > >> you'll log in, but your permissions are that of an unprivileged user.
> > >
> > > This sounds like the initial login worked enough to get you redirected
> > > to /rt/SelfService/ which would certainly make it appear that you're
> > > an unprivileged user when you then log in as Bob (the privileged user)
> >
> > I see. Any ideas of what's going on?
>
> Not without further digging, but at least we've explained the
> unprivileged rights issue.

I'd be interested to know if the following patch fixes this on debian
stable. You should be able to apply it with

    cd /usr/share/request-tracker3.6; patch < ErrHeadersOut.patch

and a restart of apache

-kevin
