[rt-users] How to add link into Login Page
Hi All, I would like to add some info on main Lohin Page, befoure you put user/pass. I found two place where it could be done: 1) footer - for me to small 2) *.po files, message on read field for example rihgt now I have You are not an authorized user I would like to have You are not an authorized user. Please visit link I know where I should change this but I dont konw how put there a link: first place TangentForLoginWithError('You are not an authorized user'); from - opt/rt4/lib/RT/Interface/Web.pm second /opt/rt4/share/en.po #: NOT FOUND IN SOURCE msgid You are not an authorized user please msgstr You are not an authorised user please Perhaps you have better place to put message like Please register here etc. -- Pozdrawiam Adrian Stelmaszyk
[rt-users] How to automatically activate/enable created accounts.
Hi, I would like to automatically activate/enable accounts when account are created. Right now when accounts are created I must go to Access control and check: Let this user access RT and Let this user be granted rights (Privileged). In my case when some accounts are created automatically a would be nice to make automatically active this account. -- Best Regards Adrian Stelmaszyk
[rt-users] How to refresh site after error.
Hi, we are using plugin externalauth with phpass(special hash method) after puting password to RT(Web interface) we get error: Can't use string (user password) as a HASH ref while strict refs in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 340. How we could refresh/reload this site. When I do this by hand (click in web browser refresh or F5) I will login to RT. Here is the link: http://150.254.148.60/NoAuth/Login.html -- Best Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hi Ruslan, I comment in RT_SiteConfig.pm: #p_enc_pkg = #p_enc_sub = and put: p_check = sub { my ($hash, $pass) = @_; use Authen::Passphrase; return Authen::Passphrase-from_crypt($hash || '*')-match($pass); }, In log I can see: p_check for My_MySQL failed: unrecognised crypt scheme $H$ at /opt/rt4/etc/RT_SiteConfig.pm line 154 This is the line: 154 return Authen::Passphrase-from_crypt($hash || '*')-match($pass); I'm not sure if I put this p_check i right place, or I miss some '' ? Normal we have: ''p_enc_pkg' = 'Authen::Passphrase',' Should I live this p_check like this: 151 p_check = sub { 152 my ($hash, $pass) = @_; 153 use Authen::Passphrase; 154 return Authen::Passphrase-from_crypt($hash || '*')-match($pass); 155 }, 156 I can send you whole Set($ExternalSettings,) if it will help find issues. Best Adrian 2011/11/17 Ruslan Zakirov r...@bestpractical.com: On Thu, Nov 17, 2011 at 1:49 PM, Adrian Stel adisa...@gmail.com wrote: Hi Ruslan, If I understand well: 1) apply patch - easy to do (just add line to /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm) 2) Here I have some question because I'm not sure how set 'p_enc_pkg' and 'p_enc_sub' These are not required when p_check is set. p_check is a code inlined right into config that does whole job of checking password user entered against the hash. I need add this check to RT_SiteConfig.pm: ?? Yes. p_check = sub { my ($hash, $pass) = @_; use Authen::Passphrase; return Authen::Passphrase-from_crypt($hash || '*')-match($pass); }, then RT_SiteConfig.pm looks like: # The Perl package subroutine used to encrypt passwords # e.g. if the passwords are stored using the MySQL v3.23 PASSWORD # function, then you will need Crypt::MySQL::password, but for the # MySQL4+ password function you will need Crypt::MySQL::password41 # Alternatively, you could use Digest::MD5::md5_hex or any other # encryption subroutine you can load in your perl installation 'p_enc_pkg' = 'Authen::Passphrase', (???) 'p_enc_sub' = '$P$', () p_check = sub { my ($hash, $pass) = @_; use Authen::Passphrase; return Authen::Passphrase-from_crypt($hash || '*')-match($pass); }, #'p_enc_pkg' = 'Crypt::MySQL', #'p_enc_sub' = 'password41', # If your p_enc_sub takes a salt as a second parameter, # uncomment this line to add your salt #'p_salt' = 'SALT', If i mix/miss something please correct me. Leave p_check and options that control how to find user in the DB, drop p_salt and p_enc_* options. Best Regards Adrian -- Best regards, Ruslan. -- Pozdrawiam Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] PHPass and Request Tracker
Hi, here is part of Set from RT_SiteConfig.pm, only here I could make mistake: 108 Set($ExternalSettings, { # AN EXAMPLE DB SERVICE 109 'My_MySQL' = { ## GENERIC SECTION 110 # The type of service (db/ldap/cookie) 111 'type' = 'db', 112 # The server hosting the service 113 'server'= '**', 114 ## SERVICE-SPECIFIC SECTION 115 # The database name 116 'database' = 'phpbb3', 117 # The database table 118 'table' = 'phpbbusers', 119 # The user to connect to the database as 120 'user' = 'phpbb3', 121 # The password to use to connect with 122 'pass' = '*', 123 # The port to use to connect with (e.g. 3306) 124 'port' = '3306', 125 # The name of the Perl DBI driver to use (e.g. mysql) 126 'dbi_driver'= 'mysql', 127 # The field in the table that holds usernames 128 'u_field' = 'username', 129 # The field in the table that holds passwords 130 'p_field' = 'user_password', 131 # The Perl package subroutine used to encrypt passwords 132 # e.g. if the passwords are stored using the MySQL v3.23 PASSWORD 133 # function, then you will need Crypt::MySQL::password, but for the 134 # MySQL4+ password function you will need Crypt::MySQL::password41 135 # Alternatively, you could use Digest::MD5::md5_hex or any other 136 # encryption subroutine you can load in your perl installation 137 'p_enc_pkg' = 'Authen::Passphrase::PHPass', 138 'p_enc_sub' = 'cost', 139 #'p_enc_pkg' = 'Crypt::MySQL', 140 #'p_enc_sub' = 'password41', 141 # If your p_enc_sub takes a salt as a second parameter, 142 # uncomment this line to add your salt 143 #'p_salt'= 'SALT', 144 145 # 146 # The field and values in the table that determines if a user should 147 # be disabled. For example, if the field is 'user_status' and the values 148 # are ['0','1','2','disabled'] then the user will be disabled if their 149 # user_status is set to '0','1','2' or the string 'disabled'. 150 # Otherwise, they will be considered enabled. 151 'd_field' = 'disabled', 152 'd_values' = ['0'], 153 ## RT ATTRIBUTE MATCHING SECTION 154 # The list of RT attributes that uniquely identify a user 155 'attr_match_list' = [ 'Gecos', 156 'Name' 157 ], 158 # The mapping of RT attributes on to field names 159 'attr_map' = { 'Name' = 'username', 160 'EmailAddress' = 'user_email', 161 'ExternalAuthId' = 'username', 162 'Gecos' = 'user_id' 163 } 164 }, Best Adrian 2011/11/15 Zefram zef...@fysh.org: Adrian
Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hi, DBI.pm this is the place with p_enc_sub: sub GetAuth { my ($service, $username, $password) = @_; my $config = $RT::ExternalSettings-{$service}; $RT::Logger-debug( Trying external auth service:,$service); my $db_table= $config-{'table'}; my $db_u_field = $config-{'u_field'}; my $db_p_field = $config-{'p_field'}; my $db_p_enc_pkg= $config-{'p_enc_pkg'}; my $db_p_enc_sub= $config-{'p_enc_sub'}; my $db_p_salt = $config-{'p_salt'}; Place where the password is submitted to that method as a string parameter. In my opinion could be here: # Get the user's password from the database query result my $pass_from_db = $results_hashref-{$username}-{$db_p_field}; # This is the encryption package subroutine passed in by the config file $RT::Logger-debug( Encryption Package:, $db_p_enc_pkg); $RT::Logger-debug( Encryption Subroutine:, $db_p_enc_sub); # Use config info to auto-load the perl package needed for password encryption # I know it uses a string eval - but I don't think there's a better way to do this # Jump to next external authentication service on failure eval require $db_p_enc_pkg or $RT::Logger-error(AUTH FAILED, Couldn't Load Password Encryption Package. Error: $@) return 0; my $encrypt = $db_p_enc_pkg-can($db_p_enc_sub); if (defined($encrypt)) { # If the package given can perform the subroutine given, then use it to compare the # password given with the password pulled from the database. # Jump to the next external authentication service if they don't match if(defined($db_p_salt)) { $RT::Logger-debug(Using salt:,$db_p_salt); if(${encrypt}-($password,$db_p_salt) ne $pass_from_db){ $RT::Logger-info( $service, AUTH FAILED, $username, Password Incorrect); return 0; } } else { if(${encrypt}-($password) ne $pass_from_db){ $RT::Logger-info( $service, AUTH FAILED, $username, Password Incorrect); return 0; } } } else { # If the encryption package can't perform the request subroutine, # dump an error and jump to the next external authentication service. $RT::Logger-error($service, AUTH FAILED, The encryption package you gave me (, $db_p_enc_pkg, ) does not support the encryption method you specified (, $db_p_enc_sub, )); return 0; } But i'm not shure where exactly. And how I can convert string to hash. I'm not familiar with perl ;/ Best Adrian 2011/11/15 Zordrak zord...@tpa.me.uk: Adrian Stel wrote: Hi, Can't use string (user password) as a HASH ref while strict refs in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 278. Problem is with type of user password. Still need to know where I should search. Search for the text p_enc_sub. There's only one place it should be defined and it will be very close to where the password is submitted to that method as a string parameter. -- Zordrak zord...@tpa.me.uk -- Pozdrawiam Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] PHPass and Request Tracker
2011/11/16 Adrian Stel adisa...@gmail.com: Hi, perhaps this is stupid question but I'm not sure where I should put this wrapper function ;/ I found in /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm This is the right place ? =head1 SYNOPSIS use Authen::Passphrase::PHPass; $ppr = Authen::Passphrase::PHPass-new( cost = 10, salt = NaClNaCl, hash_base64 = ObRxTm/.EiiYN02xUeAQs/); $ppr = Authen::Passphrase::PHPass-new( cost = 10, salt_random = 1, passphrase = passphrase); $ppr = Authen::Passphrase::PHPass-from_crypt( '$P$8NaClNaClObRxTm/.EiiYN02xUeAQs/'); $ppr = Authen::Passphrase::PHPass-from_rfc2307( '{CRYPT}$P$8NaClNaClObRxTm/.EiiYN02xUeAQs/'); $cost = $ppr-cost; $cost_base64 = $ppr-cost_base64; $cost = $ppr-nrounds_log2; $cost_base64 = $ppr-nrounds_log2_base64; $salt = $ppr-salt; $hash = $ppr-hash; $hash_base64 = $ppr-hash_base64; if($ppr-match($passphrase)) { ... $passwd = $ppr-as_crypt; $userPassword = $ppr-as_rfc2307; =head1 DESCRIPTION Best Adrian 2011/11/16 Zefram zef...@fysh.org: Adrian Stel wrote: 'p_enc_pkg' = 'Authen::Passphrase::PHPass', 'p_enc_sub' = 'cost', The comment above, the example below, and a bit of googling all show that p_enc_pkg and p_enc_sub are together meant to name a hash function. Your password string will be passed through the function, and the resulting hash value is then managed by RT. The clearest example: #'p_enc_pkg' = 'Crypt::MySQL', #'p_enc_sub' = 'password41', Crypt::MySQL::password41() is a function to which you pass a password string and it returns a hash. For example, password41(hunter2) returns *58815970BE77B3720276F63DB198B1FA42E5CC02. Authen::Passphrase::PHPass::cost is not a hashing function. It's not meant to be called as a standalone function at all. It's the implementation of the -cost method on the Authen::Passphrase::PHPass class, and so expects to be passed an A:P:PHPass object, not a string. A:P:PHPass doesn't actually expose the hash function on its own, so you can't use it this way. In fact, the PHPass hash algorithm *can't* be properly used by RT, because it takes a salt input, and apparently RT can't perform salting. (There's a p_salt parameter, which appears to be a *fixed* salt, defeating the purpose.) You could write a wrapper function around A:P:PHPass that creates a recogniser for a supplied password and then just extracts the hash. The wrapper would have to fix the cost parameter and the salt. It looks like this: use Authen::Passphrase::PHPass (); sub phpass_10_($) { return Authen::Passphrase::PHPass-new( cost=10, passphrase=$_[0], salt=, )-hash_base64; } phpass_10_(hunter2) returns LvYU3dRamxKB1.lRa4ow1/. *This* is a hash function and could be used by RT via p_enc_pkg and p_enc_sub. It's a bit of an abstraction inversion to use A:P:PHPass just for its hash function. If A:P:PHPass were wrapping some other module that just provides the hash then I'd point you at the other module. Most A:P modules do this, such as A:P:MySQL323 wrapping Crypt::MySQL. But A:P:PHPass implements the hash itself. Also, if there were a module exposing the PHPass algorithm on its own, you'd still have to write a wrapper, because of the cost parameter that RT has no idea how to handle. -zefram -- Pozdrawiam Adrian Stelmaszyk -- Pozdrawiam Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hi, I get some info from PHPass but I don't know how use it ;/ any sugestion from your site ? 'p_enc_pkg' = 'Authen::Passphrase::PHPass', 'p_enc_sub' = 'cost', The comment above, the example below, and a bit of googling all show that p_enc_pkg and p_enc_sub are together meant to name a hash function. Your password string will be passed through the function, and the resulting hash value is then managed by RT. The clearest example: #'p_enc_pkg' = 'Crypt::MySQL', #'p_enc_sub' = 'password41', Crypt::MySQL::password41() is a function to which you pass a password string and it returns a hash. For example, password41(hunter2) returns *58815970BE77B3720276F63DB198B1FA42E5CC02. Authen::Passphrase::PHPass::cost is not a hashing function. It's not meant to be called as a standalone function at all. It's the implementation of the -cost method on the Authen::Passphrase::PHPass class, and so expects to be passed an A:P:PHPass object, not a string. A:P:PHPass doesn't actually expose the hash function on its own, so you can't use it this way. In fact, the PHPass hash algorithm *can't* be properly used by RT, because it takes a salt input, and apparently RT can't perform salting. (There's a p_salt parameter, which appears to be a *fixed* salt, defeating the purpose.) You could write a wrapper function around A:P:PHPass that creates a recogniser for a supplied password and then just extracts the hash. The wrapper would have to fix the cost parameter and the salt. It looks like this: use Authen::Passphrase::PHPass (); sub phpass_10_($) { return Authen::Passphrase::PHPass-new( cost=10, passphrase=$_[0], salt=, )-hash_base64; } phpass_10_(hunter2) returns LvYU3dRamxKB1.lRa4ow1/. *This* is a hash function and could be used by RT via p_enc_pkg and p_enc_sub. It's a bit of an abstraction inversion to use A:P:PHPass just for its hash function. If A:P:PHPass were wrapping some other module that just provides the hash then I'd point you at the other module. Most A:P modules do this, such as A:P:MySQL323 wrapping Crypt::MySQL. But A:P:PHPass implements the hash itself. Also, if there were a module exposing the PHPass algorithm on its own, you'd still have to write a wrapper, because of the cost parameter that RT has no idea how to handle. 2011/11/16 Adrian Stel adisa...@gmail.com: Hi, DBI.pm this is the place with p_enc_sub: sub GetAuth { my ($service, $username, $password) = @_; my $config = $RT::ExternalSettings-{$service}; $RT::Logger-debug( Trying external auth service:,$service); my $db_table = $config-{'table'}; my $db_u_field = $config-{'u_field'}; my $db_p_field = $config-{'p_field'}; my $db_p_enc_pkg = $config-{'p_enc_pkg'}; my $db_p_enc_sub = $config-{'p_enc_sub'}; my $db_p_salt = $config-{'p_salt'}; Place where the password is submitted to that method as a string parameter. In my opinion could be here: # Get the user's password from the database query result my $pass_from_db = $results_hashref-{$username}-{$db_p_field}; # This is the encryption package subroutine passed in by the config file $RT::Logger-debug( Encryption Package:, $db_p_enc_pkg); $RT::Logger-debug( Encryption Subroutine:, $db_p_enc_sub); # Use config info to auto-load the perl package needed for password encryption # I know it uses a string eval - but I don't think there's a better way to do this # Jump to next external authentication service on failure eval require $db_p_enc_pkg or $RT::Logger-error(AUTH FAILED, Couldn't Load Password Encryption Package. Error: $@) return 0; my $encrypt = $db_p_enc_pkg-can($db_p_enc_sub); if (defined($encrypt)) { # If the package given can perform the subroutine given, then use it to compare the # password given with the password pulled from the database. # Jump to the next external authentication service if they don't match if(defined($db_p_salt)) { $RT::Logger-debug(Using salt:,$db_p_salt); if(${encrypt}-($password,$db_p_salt) ne $pass_from_db){ $RT::Logger-info( $service, AUTH FAILED, $username, Password Incorrect); return 0; } } else { if(${encrypt}-($password) ne $pass_from_db){ $RT::Logger-info( $service, AUTH FAILED, $username, Password Incorrect); return 0; } } } else { # If the encryption
Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hi, any idea where I should look, file name ? function ? Best Adrian 2011/11/14 Zordrak zord...@tpa.me.uk: Adrian Stel wrote: Hi, thanks :) phpass has many method I use hash_base64, RTSiteConfig.pm: 'p_enc_pkg' = 'Authen::Passphrase::PHPass', 'p_enc_sub' = 'hash_base64', and when i put user/pass I get: RT Site: http://150.254.148.60/NoAuth/Login.html Can't use string (*) as a HASH ref while strict refs in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 278. But when I reload page I will be login to RT. Any idea why we get this error. My guess would be that PHPass.pm expects the password to be sent to it as a hashref instead of a string. IF this is the case then you will need to modify the code in ExternalAuth so that when the subroutine is called, the string is first converted into a hashref and then sent as a parameter. -- Zordrak zord...@tpa.me.uk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hi, Can't use string (user password) as a HASH ref while strict refs in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 278. Problem is with type of user password. Still need to know where I should search. Best Adrian 2011/11/15 Adrian Stel adisa...@gmail.com: Hi, any idea where I should look, file name ? function ? Best Adrian 2011/11/14 Zordrak zord...@tpa.me.uk: Adrian Stel wrote: Hi, thanks :) phpass has many method I use hash_base64, RTSiteConfig.pm: 'p_enc_pkg' = 'Authen::Passphrase::PHPass', 'p_enc_sub' = 'hash_base64', and when i put user/pass I get: RT Site: http://150.254.148.60/NoAuth/Login.html Can't use string (*) as a HASH ref while strict refs in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 278. But when I reload page I will be login to RT. Any idea why we get this error. My guess would be that PHPass.pm expects the password to be sent to it as a hashref instead of a string. IF this is the case then you will need to modify the code in ExternalAuth so that when the subroutine is called, the string is first converted into a hashref and then sent as a parameter. -- Zordrak zord...@tpa.me.uk -- Pozdrawiam Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] RT 4.0.2 and ExternalAuth
Hi, solution: install Crypt::MySQL using CPAN. Adrian 2011/11/12 Adrian Stel adisa...@gmail.com: Hi, now I have : 'p_enc_pkg' = 'Crypt::MySQL', 'p_enc_sub' = 'password41', and still errors: [error]: AUTH FAILED, Couldn't Load Password Encryption Package. Error: Can't locate Crypt/MySQL.pm in @INC (@INC contains: /opt/rt4/sbin/../local/lib /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt4/sbin/../lib /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at (eval 1304) line 3. [error]: My_MySQL AUTH FAILED The encryption package you gave me ( Crypt::MySQL ) does not support the encryption method you specified ( password41 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:99) [Sat Nov 12 12:08:58 2011] [debug]: DBI password validation result: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:331) [Sat Nov 12 12:08:58 2011] [debug]: Password Validation Check Result: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159) [Sat Nov 12 12:08:58 2011] [debug]: Autohandler called ExternalAuth. Response: (0, Password Invalid) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11) [Sat Nov 12 12:08:58 2011] [error]: FAILED LOGIN for test123 from 31.174.157.24 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655) Any idea why there we Can't locate Crypt/MySQL.pm ? Adrian 2011/11/10 Kevin Falcone falc...@bestpractical.com: On Thu, Nov 10, 2011 at 02:07:41PM +0100, Adrian Stel wrote: # The Perl package subroutine used to encrypt passwords # e.g. if the passwords are stored using the MySQL v3.23 PASSWORD # function, then you will need Crypt::MySQL::password, but for the # MySQL4+ password function you will need Crypt::MySQL::password41 # Alternatively, you could use Digest::MD5::md5_hex or any other # encryption subroutine you can load in your perl installation 'p_enc_pkg' = 'Crypt::MySQL::password41', #'p_enc_sub' = 'password41', # If your Couldn't Load Password Encryption Package. Error: Can't locate Crypt/MySQL/password.pm My_MySQL AUTH FAILED The encryption package you gave me ( Crypt::MySQL::password ) does not support the encryption method you specified ( ) You've configured it to use Crypt::MySQL::password41, which is not a perl module. I suspect you wanted it to load Crypt::MySQL and then use the password41 method on it. -kevin RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain — November 28 29, 2011 -- Pozdrawiam Adrian Stelmaszyk -- Pozdrawiam Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] RT 4.0.2 ExternalAuth and phpbb3
Hi, I would like to use phpbb3 base to auth to my RT. Problem is here: SiteConfig.pm # The Perl package subroutine used to encrypt passwords # e.g. if the passwords are stored using the MySQL v3.23 PASSWORD # function, then you will need Crypt::MySQL::password, but for the # MySQL4+ password function you will need Crypt::MySQL::password41 # Alternatively, you could use Digest::MD5::md5_hex or any other # encryption subroutine you can load in your perl installation 'p_enc_pkg' = 'Crypt::MySQL', 'p_enc_sub' = 'password41', I'm not sure which function I should use. -- Best Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hi, I'm trying to configure ExternalAuth on my RT4.0.2 External database use Portable PHP password hashing framework. (phpbb3) http://www.openwall.com/phpass/ There is perl module for this Authen::Passphrase::PHPass (Perl module reimplements the support for portable hashes introduced in phpass, but in Perl). My question is haw I should configure RT_siteConfig.pm: 'p_enc_pkg' = '?' 'p_enc_sub' = '?' When I use: 'p_enc_pkg' = 'Authen::Passphrase::PHPass', 'p_enc_sub' = '', I get: My_MySQL AUTH FAILED The encryption package you gave me ( Authen::Passphrase::PHPass ) does not support the encryption method you specified ( ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:99) Any idea why ? -- Best Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] RT::Authen::ExternalAuth with PHPass (phpbb3);
Hi, thanks :) phpass has many method I use hash_base64, RTSiteConfig.pm: 'p_enc_pkg' = 'Authen::Passphrase::PHPass', 'p_enc_sub' = 'hash_base64', and when i put user/pass I get: RT Site: http://150.254.148.60/NoAuth/Login.html Can't use string (*) as a HASH ref while strict refs in use at /usr/local/share/perl/5.10.1/Authen/Passphrase/PHPass.pm line 278. But when I reload page I will be login to RT. Any idea why we get this error. I test 2 more method hash and cost i both case we get the same error. I'm not sure if I chose rigt method. Or there is issues in RTSiteConfig.pm Best Adrian 2011/11/14 Zordrak zord...@tpa.me.uk: Adrian Stel wrote: Hi, When I use: 'p_enc_pkg' = 'Authen::Passphrase::PHPass', 'p_enc_sub' = '', I get: My_MySQL AUTH FAILED The encryption package you gave me ( Authen::Passphrase::PHPass ) does not support the encryption method you specified ( ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:99) Any idea why ? Very simple, you haven't specified a method (subroutine) for the encryption; only the package. Take MySQL's password function as an example. To use it you would specific the p_enc_pkg as Crypt::MySQL which will include that perl module, but that module provides many different methods. Normally you'd expect to use password41 as the p_enc_sub. If it were MD5: p_eng_pkg: Digest::MD5 p_enc_sub: md5_hex -- Zordrak zord...@tpa.me.uk -- Pozdrawiam Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
Re: [rt-users] RT 4.0.2 and ExternalAuth
Hi, now I have : 'p_enc_pkg' = 'Crypt::MySQL', 'p_enc_sub' = 'password41', and still errors: [error]: AUTH FAILED, Couldn't Load Password Encryption Package. Error: Can't locate Crypt/MySQL.pm in @INC (@INC contains: /opt/rt4/sbin/../local/lib /opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib /opt/rt4/sbin/../lib /etc/perl /usr/local/lib/perl/5.10.1 /usr/local/share/perl/5.10.1 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl . /etc/apache2) at (eval 1304) line 3. [error]: My_MySQL AUTH FAILED The encryption package you gave me ( Crypt::MySQL ) does not support the encryption method you specified ( password41 ) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:99) [Sat Nov 12 12:08:58 2011] [debug]: DBI password validation result: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:331) [Sat Nov 12 12:08:58 2011] [debug]: Password Validation Check Result: 0 (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:159) [Sat Nov 12 12:08:58 2011] [debug]: Autohandler called ExternalAuth. Response: (0, Password Invalid) (/opt/rt4/local/plugins/RT-Authen-ExternalAuth/html/Elements/DoAuth:11) [Sat Nov 12 12:08:58 2011] [error]: FAILED LOGIN for test123 from 31.174.157.24 (/opt/rt4/sbin/../lib/RT/Interface/Web.pm:655) Any idea why there we Can't locate Crypt/MySQL.pm ? Adrian 2011/11/10 Kevin Falcone falc...@bestpractical.com: On Thu, Nov 10, 2011 at 02:07:41PM +0100, Adrian Stel wrote: # The Perl package subroutine used to encrypt passwords # e.g. if the passwords are stored using the MySQL v3.23 PASSWORD # function, then you will need Crypt::MySQL::password, but for the # MySQL4+ password function you will need Crypt::MySQL::password41 # Alternatively, you could use Digest::MD5::md5_hex or any other # encryption subroutine you can load in your perl installation 'p_enc_pkg' = 'Crypt::MySQL::password41', #'p_enc_sub' = 'password41', # If your Couldn't Load Password Encryption Package. Error: Can't locate Crypt/MySQL/password.pm My_MySQL AUTH FAILED The encryption package you gave me ( Crypt::MySQL::password ) does not support the encryption method you specified ( ) You've configured it to use Crypt::MySQL::password41, which is not a perl module. I suspect you wanted it to load Crypt::MySQL and then use the password41 method on it. -kevin RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain — November 28 29, 2011 -- Pozdrawiam Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Barcelona, Spain November 28 29, 2011
[rt-users] RT 4.0.2 and ExternalAuth
Hi, I install ExternalAuth: cpan install RT::Authen::ExternalAuth And installation finished with OK. Now i'm trying to configure RT_SiteConfig.pm Set(@Plugins, qw(RT::Authen::ExternalAuth) ); Set($ExternalAuthPriority, [ 'My_MySQL']); Set($ExternalInfoPriority, [ 'My_MySQL' ]); Set($ExternalServiceUsesSSLorTLS,0); Set($AutoCreateNonExternalUsers,0); Set($ExternalSettings, { # AN EXAMPLE DB SERVICE 'My_MySQL' = { ## GENERIC SECTION # The type of service (db/ldap/cookie) 'type' = 'db', # The server hosting the service 'server' = 'localhost', ## SERVICE-SPECIFIC SECTION # The database name 'database' = 'phpbb3', # The database table 'table' = 'phpbbusers', # The user to connect to the database as 'user' = 'phpbb3', # The password to use to connect with 'pass' = '**', # The port to use to connect with (e.g. 3306) 'port' = '3306', # The name of the Perl DBI driver to use (e.g. mysql) 'dbi_driver' = 'mysql', # The field in the table that holds usernames 'u_field' = 'username', # The field in the table that holds passwords 'p_field' = 'user_password', # The Perl package subroutine used to encrypt passwords # e.g. if the passwords are stored using the MySQL v3.23 PASSWORD # function, then you will need Crypt::MySQL::password, but for the # MySQL4+ password function you will need Crypt::MySQL::password41 # Alternatively, you could use Digest::MD5::md5_hex or any other # encryption subroutine you can load in your perl installation 'p_enc_pkg' = 'Crypt::MySQL::password41', #'p_enc_sub' = 'password41', # If your p_enc_sub takes a salt as a second parameter, # uncomment this line to add your salt #'p_salt' = 'SALT', # # The field and values in the table that determines if a user should # be disabled. For example, if the field is 'user_status' and the values # are ['0','1','2','disabled'] then the user will be disabled if their # user_status is set to '0','1','2' or the string 'disabled'. # Otherwise, they will be considered enabled. 'd_field' = 'disabled', 'd_values' = ['0'], ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user 'attr_match_list' = [ 'Gecos', 'Name' ], # The mapping of RT attributes on to field names
[rt-users] How to sync tickets from two RT.
Hi, this is the case: we have two organizations: 1) A 2) B Both A and B have own RT. (A-RT and B-RT) This is what I would like to do: When people from A put ticket to owne A-RT in B queue. B-RT will take from A-RT this ticket and put him to B-RT. What tools we have make sync beteewn two RT ? Should we have the same RT in A nad B or we could have in A 3.8 and in B 4.0 ? -- Best Regards Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Washington DC, USA October 31 November 1, 2011 * Barcelona, Spain November 28 29, 2011
[rt-users] Information how long a ticket stayed in the NEW state
Hi, I need help with getting from RT the information how long a ticket stayed in the NEW state. We have: Activity Reports JS Gantt extension but there is missing this information information. Any idea, perhaps we could check this in data base but where ? Table ? RT 3.8.8 Debian repository. -- Best Regards Adrian Stelmaszyk RT Training Sessions (http://bestpractical.com/services/training.html) * Chicago, IL, USA September 26 27, 2011 * San Francisco, CA, USA October 18 19, 2011 * Washington DC, USA October 31 November 1, 2011 * Melbourne VIC, Australia November 28 29, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Problem with login when we using https://
Hi, it does not matter where I click, RT always log me off. this is only two of the many examples: https://rt.ige.psnc.pl/rt/Search/Build.html https://rt.ige.psnc.pl/rt/Prefs/Other.html Yes certs works great. When I have CN = RT user name, I will be log in automatically, problem appears when you try use https:// with CN RT user name and use your user/pass. Any Idea ? Best Regards 2011/7/21 Kevin Falcone falc...@bestpractical.com: On Thu, Jul 21, 2011 at 10:10:31AM +0200, Adrian Stel wrote: Hi Kevin, link after log in: https://rt.ige.psnc.pl/rt/ link after log off depends on where I click: https://rt.ige.psnc.pl/rt/Search/Build.html https://rt.ige.psnc.pl/rt/Prefs/Other.html Is it any link that logs you off, or in particular those two? I also note that you say that you're using SSL certs but falling back to internal auth. Are the SSL certs ever working? If not, it's entirely possible that RT is clearing your cooking on every page because you've told it to get the REMOTE_USER from your SSL certs. -kevin this is log: [Thu Jul 21 08:06:28 2011] [info]: Successful login for adisan from 150.254.149.220 (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:430) [Thu Jul 21 08:06:29 2011] [error]: gpg: error reading key: public key not found (/usr/share/request-tracker3.8/lib/RT/Crypt/GnuPG.pm:2115) [Thu Jul 21 08:06:29 2011] [error]: gpg: error reading key: public key not found (/usr/share/request-tracker3.8/lib/RT/Crypt/GnuPG.pm:2115) [Thu Jul 21 08:07:12 2011] [info]: Successful login for adisan from 150.254.149.220 (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:430) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/99 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/100 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/99 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/100 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/99 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) Adrian 2011/7/20 Kevin Falcone falc...@bestpractical.com: On Wed, Jul 20, 2011 at 01:35:22PM +0200, Adrian Stel wrote: we have strange problem, we are using certificates for authentication to RT. User name in RT should be the same as your CN. The problem is if we have different user name and using https://, in normal case we should be able to use user/pass. And we are, but until we click on any link. After that we will be automatically logged off. Please provide the link before and after the click that logs you off. You also should provide your configuration and relevant logs. -kevin 2011 Training: http://bestpractical.com/services/training.html -- Pozdrawiam Adrian Stelmaszyk 2011 Training: http://bestpractical.com/services/training.html 2011 Training: http://bestpractical.com/services/training.html -- Pozdrawiam Adrian Stelmaszyk 2011 Training: http://bestpractical.com/services/training.html
Re: [rt-users] Problem with login when we using https://
Hi Kevin, link after log in: https://rt.ige.psnc.pl/rt/ link after log off depends on where I click: https://rt.ige.psnc.pl/rt/Search/Build.html https://rt.ige.psnc.pl/rt/Prefs/Other.html this is log: [Thu Jul 21 08:06:28 2011] [info]: Successful login for adisan from 150.254.149.220 (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:430) [Thu Jul 21 08:06:29 2011] [error]: gpg: error reading key: public key not found (/usr/share/request-tracker3.8/lib/RT/Crypt/GnuPG.pm:2115) [Thu Jul 21 08:06:29 2011] [error]: gpg: error reading key: public key not found (/usr/share/request-tracker3.8/lib/RT/Crypt/GnuPG.pm:2115) [Thu Jul 21 08:07:12 2011] [info]: Successful login for adisan from 150.254.149.220 (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:430) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/99 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/100 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/99 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/100 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/99 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) Adrian 2011/7/20 Kevin Falcone falc...@bestpractical.com: On Wed, Jul 20, 2011 at 01:35:22PM +0200, Adrian Stel wrote: we have strange problem, we are using certificates for authentication to RT. User name in RT should be the same as your CN. The problem is if we have different user name and using https://, in normal case we should be able to use user/pass. And we are, but until we click on any link. After that we will be automatically logged off. Please provide the link before and after the click that logs you off. You also should provide your configuration and relevant logs. -kevin 2011 Training: http://bestpractical.com/services/training.html -- Pozdrawiam Adrian Stelmaszyk 2011 Training: http://bestpractical.com/services/training.html
Re: [rt-users] Problem with login when we using https://
Hi, I forgot added configuration info: RT_SiteConfig.pm # tells RT to use the REMOTE_USER provided by the web server Set($WebExternalAuth , 1); # tells RT to display its normal login screen if REMOTE_USER fails Set($WebFallbackToInternalAuth , 1); # tells RT to create users automatically if no user matching REMOTE_USER is found Set($WebExternalAuto , 0); Set($WebExternalAuthContinuous, 1); httpd.conf VirtualHost *:443 SSLEngine On SSLVerifyClient require SSLVerifyDepth 1 #- # SSL_CLIENT_S_DN_CN = user name from cert SSLUserName SSL_CLIENT_S_DN_CN #- #--- # SSLCACertificatePath /usr/lib/ssl/certs/ SSLCADNRequestPath /usr/lib/ssl/certs/ #--- # # server cert SSLCertificateFile /etc/apache2/ssl/10563550.pem SSLCertificateKeyFile /etc/apache2/ssl/myserver.key # #- # CA cert SSLCertificateChainFile /etc/apache2/ssl/ca.crt SSLCACertificateFile /etc/apache2/ssl/ca.crt #- ServerAdmin i...@mydomain.com ServerName rt.ige.psnc.pl:443 DocumentRoot /var/www/ ErrorLog /var/log/apache2/error.log CustomLog /var/log/apache2/access.log combined Include /etc/request-tracker3.8/apache2-modperl2.conf RedirectMatch ^/$ /rt/ /VirtualHost 2011/7/21 Adrian Stel adisa...@gmail.com: Hi Kevin, link after log in: https://rt.ige.psnc.pl/rt/ link after log off depends on where I click: https://rt.ige.psnc.pl/rt/Search/Build.html https://rt.ige.psnc.pl/rt/Prefs/Other.html this is log: [Thu Jul 21 08:06:28 2011] [info]: Successful login for adisan from 150.254.149.220 (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:430) [Thu Jul 21 08:06:29 2011] [error]: gpg: error reading key: public key not found (/usr/share/request-tracker3.8/lib/RT/Crypt/GnuPG.pm:2115) [Thu Jul 21 08:06:29 2011] [error]: gpg: error reading key: public key not found (/usr/share/request-tracker3.8/lib/RT/Crypt/GnuPG.pm:2115) [Thu Jul 21 08:07:12 2011] [info]: Successful login for adisan from 150.254.149.220 (/usr/share/request-tracker3.8/lib/RT/Interface/Web.pm:430) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/99 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/100 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/99 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/100 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) [Thu Jul 21 08:07:13 2011] [warning]: Resolver RT::URI::fsck_com_rt could not parse fsck.com-rt://IGE /ticket/99 (/usr/share/request-tracker3.8/lib/RT/URI.pm:147) Adrian 2011/7/20 Kevin Falcone falc...@bestpractical.com: On Wed, Jul 20, 2011 at 01:35:22PM +0200, Adrian Stel wrote: we have strange problem, we are using certificates for authentication to RT. User name in RT should be the same as your CN. The problem is if we have different user name and using https://, in normal case we should be able to use user/pass. And we are, but until we click on any link. After that we will be automatically logged off. Please provide the link before and after the click that logs you off. You also should provide your configuration and relevant logs. -kevin 2011 Training: http://bestpractical.com/services/training.html -- Pozdrawiam Adrian Stelmaszyk -- Pozdrawiam Adrian Stelmaszyk 2011 Training: http://bestpractical.com/services/training.html
[rt-users] Problem with login when we using https://
Hi All, RT from deb, version 3.8.8 we have strange problem, we are using certificates for authentication to RT. User name in RT should be the same as your CN. The problem is if we have different user name and using https://, in normal case we should be able to use user/pass. And we are, but until we click on any link. After that we will be automatically logged off. Any idea what is wrong or perhaps this is not issues ?? If this is not issues pleace tell me way this happend. -- Best Regards Adrian Stelmaszyk 2011 Training: http://bestpractical.com/services/training.html
[rt-users] Certificate based access instead of username/pw
Hi, I would like to change standard access to RT from username/pw to certificates authorization. This is what I made in file: /usr/share/request-tracker3.8/etc/RT_Config.pm Set($WebExternalAuth, 1); Set($WebExternalAuthContinuous, 1); Set($WebFallbackToInternalAuth , undef); What next ? I got this information: SSLVerifyClient require SSLUserName SSL_CLIENT_S_DN_UID %u (remote user) logs as - for me, so is no help other than to indicate it's not working. But how i should read this info ? Of course I have all of the cert stuff working fine (required). Here is the link: rt.ige.psnc.pl https://r.ige.psnc.pl -- Best Regards, Adrian Stelmaszyk 2011 Training: http://bestpractical.com/services/training.html
Re: [rt-users] Certificate based access instead of username/pw
Hi, when I have Set($WebExternalAuth, 1); I'm not able to log in using user/pass. There is missing text box ;/ Any idea ? Best Regards Adrian 2011/7/1 Adrian Stel adisa...@gmail.com Hi, I would like to change standard access to RT from username/pw to certificates authorization. This is what I made in file: /usr/share/request-tracker3.8/etc/RT_Config.pm Set($WebExternalAuth, 1); Set($WebExternalAuthContinuous, 1); Set($WebFallbackToInternalAuth , undef); What next ? I got this information: SSLVerifyClient require SSLUserName SSL_CLIENT_S_DN_UID %u (remote user) logs as - for me, so is no help other than to indicate it's not working. But how i should read this info ? Of course I have all of the cert stuff working fine (required). Here is the link: rt.ige.psnc.pl https://r.ige.psnc.pl -- Best Regards, Adrian Stelmaszyk -- Pozdrawiam Adrian Stelmaszyk 2011 Training: http://bestpractical.com/services/training.html
[rt-users] How to add additional e-mail address
Hi All, how to add additional e-mail address, when I submitt ticket notification are sent only to private e-mail address I would like to send copy this e-mail to another address. -- Best Regards Adrian Stelmaszyk
[rt-users] Change Email Subject Line ??
Hi All, I would like to add issues priority to Email Subject, for example: orginal subject is: [support #98] [Comment] Testing - Ignore me... new subject: [support #98] [Comment] Testing - Ignore me... Priority 5 -- Best Regards Adrian Stelmaszyk
[rt-users] Certificate based access instead of username/pw
Hi, I would like to change standard access to RT from username/pw to certificates authorization. Is there any simple way to do that ? Or any additions to the RT ? Best Regards Adrian
[rt-users] How best to allow anyone to access, create tickets and respond to their own tickets
Hi, The only remaining question is how best to allow anyone to access, create tickets and respond to their own tickets. Do you happen to know if RT supports an auto account creating feature? If so, how does it work? Solution this is not good: Anyone can view the public queues and tickets by logging in as the 'guest' user with the password 'readonly'. :) Best Regards Adrian