[rt-users] Heartbleed OpenSSL vulnerability
I haven't seen anything on this mailing list, or on the Best Practical web site, that discusses the Heartbleed vulnerability. Does RT use OpenSSL in any way? My server had a vulnerable version of OpenSSL installed at the time RT was compiled. I would like to know if RT needs to be recompiled/upgraded now that OpenSSL has been patched. Thanks, Fred - The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. NOTICE TO RECIPIENT(S) OF INFORMATION: Information disclosed to you pertaining to certain conditions, such as treatment for alcohol or drug abuse, HIV/AIDS and other sexually transmitted diseases, behavioral health, and genetic marker information is protected by various federal and state laws which prohibit any further disclosure of this information by you without the express written consent of the person to whom it pertains or as otherwise permitted by such laws. Any unauthorized further disclosure in violation of state or federal law may result in a fine or jail sentence or both. A general authorization for the release of medical or other information is NOT sufficient consent for release of these types of information. The federal rule at 42 CFR Part 2 restricts use of the information disclosed to criminally investigate or prosecute any alcohol or drug abuse patient.-- RT Training - Dallas May 20-21 http://bestpractical.com/training
Re: [rt-users] RT interface not working
I was able to fix this problem on my RT. FWIW if anyone else is still having a problem: When I tried to use the CLI /opt/rt3/bin/rt it kept giving me errors related to the Util.pm file. I deleted the file /usr/lib/perl5/5.8.8/i386-linux-thread-multi/Scalar/Util.pm, then downloaded Scalar::Util and manually installed it. Restarted httpd and now everything is back to normal.- The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Able to login with fake password
I did as you suggested and that resolved the problem. Thanks for the help. From: Jesse Vincent [mailto:[EMAIL PROTECTED] Sent: Tuesday, August 19, 2008 1:24 PM To: Percynski, Fred Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Able to login with fake password On Aug 18, 2008, at 3:51 PM, Percynski, Fred wrote: The last changes I was making was to get external authentication to Active Directory working.I tried installing RT::Authen::ExternalAuth but it never finished successfully. I did install Bundle::Net::LDAP sucessfully. It looks like RT::Authen::ExternalAuth left things lying around which are messing with RT's authentication process. I'd recommend fully removing the files it installed and seeing how things look then. In particular, I'd remove things from /opt/rt3/local -j From: Jesse Vincent [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2008 1:59 PM To: Percynski, Fred Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Able to login with fake password On Aug 18, 2008, at 1:40 PM, Percynski, Fred wrote: error: Can't use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56. Fred, Looks like you've installed a custom RT extension. What did you install? - The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions. ___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com - The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions.___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
[rt-users] Able to login with fake password
I get an error each time I try to login to RT. And even worse, I found
that I can login with a fake password.
--- Start of error message -
System error
error: Can't use an undefined value as an ARRAY reference at
/opt/rt3/local/lib/RT/User_Vendor.pm line 56.
context: unable to open file
code stack: /opt/rt3/local/lib/RT/User_Vendor.pm:56
/opt/rt3/local/lib/RT/User_Vendor.pm:359
/opt/rt3/lib/RT/CurrentUser.pm:309
/opt/rt3/share/html/autohandler:247
Can't use an undefined value as an ARRAY reference at
/opt/rt3/local/lib/RT/User_Vendor.pm line 56.
Trace begun at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Exceptions.pm
line 129
HTML::Mason::Exceptions::rethrow_exception('Can\'t use an undefined
value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line
56.^J') called at /opt/rt3/local/lib/RT/User_Vendor.pm line 56
RT::User::IsExternalPassword('RT::User=HASH(0xb9690c0)',
'boguspassword') called at /opt/rt3/local/lib/RT/User_Vendor.pm line 359
RT::User::IsPassword('RT::User=HASH(0xb9690c0)', 'boguspassword') called
at /opt/rt3/lib/RT/CurrentUser.pm line 309
RT::CurrentUser::IsPassword('RT::CurrentUser=HASH(0xb990af4)',
'boguspassword') called at /opt/rt3/share/html/autohandler line 247
HTML::Mason::Commands::__ANON__('pass', 'boguspassword', 'user',
'fpercynski') called at
/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Component.pm line 135
HTML::Mason::Component::run('HTML::Mason::Component::FileBased=HASH(0xb3
6f2c0)', 'pass', 'boguspassword', 'user', 'fpercynski') called at
/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 1273
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line
1268
HTML::Mason::Request::comp(undef, undef, undef, 'pass', 'boguspassword',
'user', 'fpercynski') called at
/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line 467
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line
467
eval {...} at /usr/lib/perl5/site_perl/5.8.8/HTML/Mason/Request.pm line
419
HTML::Mason::Request::exec('HTML::Mason::Request::ApacheHandler=HASH(0xb
99677c)') called at
/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 168
HTML::Mason::Request::ApacheHandler::exec('HTML::Mason::Request::ApacheH
andler=HASH(0xb99677c)') called at
/usr/lib/perl5/site_perl/5.8.8/HTML/Mason/ApacheHandler.pm line 825
HTML::Mason::ApacheHandler::handle_request('HTML::Mason::ApacheHandler=H
ASH(0x9f95b18)', 'Apache2::RequestRec=SCALAR(0xb9568a0)') called at
/opt/rt3/bin/webmux.pl line 125
eval {...} at /opt/rt3/bin/webmux.pl line 125
RT::Mason::handler('Apache2::RequestRec=SCALAR(0xb9568a0)') called at -e
line 0
eval {...} at -e line 0
--- End of error message -
In the above error message the word boguspassword is the plain text
representation of the password that I typed in. Which is not my real
password and should not allow me to login. But if I press F5 in my
browser and resubmit the information I am then successfully logged in to
RT under my account.
Obviously I have configured something in a bad way. But I can't figure
out what.
About two months ago I was trying to get RT to authenticate against
Active Directory. I tried to install RT::Authen::ExternalAuth but it
never finished successfully. Nonetheless part of the installation must
have worked because I have an $RTHOME/local/etc/Authen-ExternalAuth/
directory. Searching the archives makes me believe the error message
above is in some way related to external authentication. I have not
manually modified $RTHOME/etc/RT_SiteConfig.pm in any way to use
external authentication.
RT version is 3.6.6
-
The information contained in this message is privileged and confidential. It is
intended only for the recipient or entity listed above. If the reader of this
message is not the intended recipient, you are hereby notified that any
dissemination, distribution, or copying of this message is strictly prohibited.
If you have received this message in error, please notify the sender
immediately by replying to the message and promptly deleting it from your
computer. Thank you. Health Data Management Solutions.___
http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
Community help: http://wiki.bestpractical.com
Commercial support: [EMAIL PROTECTED]
Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
Buy a copy at http://rtbook.bestpractical.com
Re: [rt-users] Able to login with fake password
The last changes I was making was to get external authentication to Active Directory working.I tried installing RT::Authen::ExternalAuth but it never finished successfully. I did install Bundle::Net::LDAP sucessfully. From: Jesse Vincent [mailto:[EMAIL PROTECTED] Sent: Monday, August 18, 2008 1:59 PM To: Percynski, Fred Cc: rt-users@lists.bestpractical.com Subject: Re: [rt-users] Able to login with fake password On Aug 18, 2008, at 1:40 PM, Percynski, Fred wrote: error: Can't use an undefined value as an ARRAY reference at /opt/rt3/local/lib/RT/User_Vendor.pm line 56. Fred, Looks like you've installed a custom RT extension. What did you install? - The information contained in this message is privileged and confidential. It is intended only for the recipient or entity listed above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution, or copying of this message is strictly prohibited. If you have received this message in error, please notify the sender immediately by replying to the message and promptly deleting it from your computer. Thank you. Health Data Management Solutions.___ http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users Community help: http://wiki.bestpractical.com Commercial support: [EMAIL PROTECTED] Discover RT's hidden secrets with RT Essentials from O'Reilly Media. Buy a copy at http://rtbook.bestpractical.com
