> > > >Some possibilities: > > * Is your installation running at a fully-qualified domain > > name (FQDN)? Something like host.domain.com > > /etc/hosts has three aliases for the computer: > localhost > smde-hl066 > smde-hl066.de.draeger.com > the entries in the host table of the midgard db contain 'smde-hl066', the > apache ServerName is smde-hl066 too. >
You should use the FQDN (smde-hl066.de.draeger.com). > > * Can Apache write to the specified PHP session directory? > yes, it is set to /tmp > session directory should never be world readable (like /tmp is), I suggest moving the session directory to /var/state/php. > > > * Do you accept cookies from the host? > yes, I get this one: > >NemeinAuthentication_e0d524dc97bc0adeb578924ce32f0358=ecb315ecbbc4aed4aaa638b1825787e7; > > path=/aegir; domain=smde-hl066 > there should be more (this is propably the session id), but since the hostname used is not FQDN it propably causes the setcookie() calls to fail (setcookie seems to require FQDN, other option is that the browser refuses cookies coming from host x that are meant to be read in host y [alias vs fqdn]). > btw: > Nadminstudio ran perfectly on this machine before. What's the difference in > authentification between nadmin and aegir? > Nadmin used (basically) base64 encoded username and password in the cookies (very secure indeed, anyone sniffing the connection at any point could read the username and password also anyone with access to the cookies could read the password [and username]) , aegir uses nemeinauthentication (which is only vulnarable to sniffing [without SSL, with SSL it's very secure] when password is actually submitted) which uses sessions and some pretty hardcore doublechecks to make session hijacking next to impossible (it's in theory possible if attacker can access the sessions data on the server side, this indicates much greater problems with the servers security), the downside is that it requires FQDN for the host (to set the cookie hosts). -- Eero af Heurlin [EMAIL PROTECTED] Consultant Partner Tel: +358 (0)20 198 6035 Nemein Solutions Oy http://www.nemein.com/ Nadmin Studio and Midgard support at +358-20-198 6050 / [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
