Dave,
> Now that I have RT running enough to get a login page, I can't get /any/ > login to work, not even root. The Apache log reports, "Unknown password > form (/usr/share/perl5/vendor_perl/RT/User_Overlay.pm:1094)", and the RT > log is still empty. you can look at this page: http://requesttracker.wikia.com/wiki/RecoverRootPassword it has steps for RT4 (be sure to use the RT4 way, not the 3.8 way, i believe the password encryption was changed in there somewhere). There is also steps to check to see if the "root" account was disabled, and how to enable it if it was. > There must be a backdoor way in. Isn't there? yes, the above link will get you there. you can "un-disable" a user, if it was disabled, and reset the password to something you know. from the first entry in the logs, it looks like the passwords are still stored in the "pre-change-to-md5" format (from back in 3.8 i believe). there was some code in there to allow people to use either, but if they changed their password, it would be stored in the new format. it could be that those users you are trying to login with had never changed their passwords since then? (it is mentioned at least here: http://www.bestpractical.com/docs/rt/4.2/UPGRADING-3.8.html ) I hope this helps... Thanks, Jok -- RT Training London, March 19-20 and Dallas May 20-21 http://bestpractical.com/training
