[rt-users] Heartbleed OpenSSL vulnerability
I haven't seen anything on this mailing list, or on the Best Practical web site, that discusses the Heartbleed vulnerability. Does RT use OpenSSL in any way? My server had a vulnerable version of OpenSSL installed at the time RT was compiled. I would like to know if RT needs to be recompiled/upgraded now that OpenSSL has been patched. Thanks, Fred - The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. NOTICE TO RECIPIENT(S) OF INFORMATION: Information disclosed to you pertaining to certain conditions, such as treatment for alcohol or drug abuse, HIV/AIDS and other sexually transmitted diseases, behavioral health, and genetic marker information is protected by various federal and state laws which prohibit any further disclosure of this information by you without the express written consent of the person to whom it pertains or as otherwise permitted by such laws. Any unauthorized further disclosure in violation of state or federal law may result in a fine or jail sentence or both. A general authorization for the release of medical or other information is NOT sufficient consent for release of these types of information. The federal rule at 42 CFR Part 2 restricts use of the information disclosed to criminally investigate or prosecute any alcohol or drug abuse patient.-- RT Training - Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT interface not working
I was able to fix this problem on my RT. FWIW if anyone else is still having a problem: When I tried to use the CLI /opt/rt3/bin/rt it kept giving me errors related to the Util.pm file. I deleted the file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Scalar/Util.pm, then downloaded Scalar::Util and manually installed it. Restarted httpd and now everything is back to normal.- The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Able to login with fake password
I did as you suggested and that resolved the problem. Thanks for the help. From: Jesse Vincent [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2008 1:24 PM To: Percynski, Fred Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Able to login with fake password On Aug 18, 2008, at 3:51 PM, Percynski, Fred wrote: The last changes I was making was to get external authentication to Active Directory working.I tried installing RT::Authen::ExternalAuth but it never finished successfully. I did install Bundle::Net::LDAP sucessfully. It looks like RT::Authen::ExternalAuth left things lying around which are messing with RT's authentication process. I'd recommend fully removing the files it installed and seeing how things look then. In particular, I'd remove things from /opt/rt3/local -j From: Jesse Vincent [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2008 1:59 PM To: Percynski, Fred Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Able to login with fake password On Aug 18, 2008, at 1:40 PM, Percynski, Fred wrote: error: Can't use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56. Fred, Looks like you've installed a custom RT extension. What did you install? - The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com - The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions.___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Able to login with fake password
I get an error each time I try to login to RT. And even worse, I found that I can login with a fake password. --- Start of error message - System error error: Can't use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56. context: unable to open file code stack: /opt/rt3/local/lib/RT/User_Vendor.pm:56 /opt/rt3/local/lib/RT/User_Vendor.pm:359 /opt/rt3/lib/RT/CurrentUser.pm:309 /opt/rt3/share/html/autohandler:247 Can't use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56. Trace begun at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Exceptions.pm line 129 HTML::Mason::Exceptions::rethrow_exception('Can\'t use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56.^J') called at /opt/rt3/local/lib/RT/User_Vendor.pm line 56 RT::User::IsExternalPassword('RT::User=HASH(0xb9690c0)', 'boguspassword') called at /opt/rt3/local/lib/RT/User_Vendor.pm line 359 RT::User::IsPassword('RT::User=HASH(0xb9690c0)', 'boguspassword') called at /opt/rt3/lib/RT/CurrentUser.pm line 309 RT::CurrentUser::IsPassword('RT::CurrentUser=HASH(0xb990af4)', 'boguspassword') called at /opt/rt3/share/html/autohandler line 247 HTML::Mason::Commands::__ANON__('pass', 'boguspassword', 'user', 'fpercynski') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm line 135 HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0xb3 6f2c0)', 'pass', 'boguspassword', 'user', 'fpercynski') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1273 eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1268 HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'boguspassword', 'user', 'fpercynski') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 467 eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 467 eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 419 HTML::Mason::Request::exec('HTML::Mason::Request::ApacheHandler=HASH(0xb 99677c)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 168 HTML::Mason::Request::ApacheHandler::exec('HTML::Mason::Request::ApacheH andler=HASH(0xb99677c)') called at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 825 HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=H ASH(0x9f95b18)', 'Apache2::RequestRec=SCALAR(0xb9568a0)') called at /opt/rt3/bin/webmux.pl line 125 eval {...} at /opt/rt3/bin/webmux.pl line 125 RT::Mason::handler('Apache2::RequestRec=SCALAR(0xb9568a0)') called at -e line 0 eval {...} at -e line 0 --- End of error message - In the above error message the word boguspassword is the plain text representation of the password that I typed in. Which is not my real password and should not allow me to login. But if I press F5 in my browser and resubmit the information I am then successfully logged in to RT under my account. Obviously I have configured something in a bad way. But I can't figure out what. About two months ago I was trying to get RT to authenticate against Active Directory. I tried to install RT::Authen::ExternalAuth but it never finished successfully. Nonetheless part of the installation must have worked because I have an $RTHOME/local/etc/Authen-ExternalAuth/ directory. Searching the archives makes me believe the error message above is in some way related to external authentication. I have not manually modified $RTHOME/etc/RT_SiteConfig.pm in any way to use external authentication. RT version is 3.6.6 - The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions.___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Able to login with fake password
The last changes I was making was to get external authentication to Active Directory working.I tried installing RT::Authen::ExternalAuth but it never finished successfully. I did install Bundle::Net::LDAP sucessfully. From: Jesse Vincent [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2008 1:59 PM To: Percynski, Fred Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Able to login with fake password On Aug 18, 2008, at 1:40 PM, Percynski, Fred wrote: error: Can't use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56. Fred, Looks like you've installed a custom RT extension. What did you install? - The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions.___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com