Smalltalk Gemtalk Gemstone/S

GemStone/S 64 Bit 3.1.0 login problems

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
6 messages Options
Georg Gollmann
Reply | Threaded
Open this post in threaded view
|

GemStone/S 64 Bit 3.1.0 login problems

Georg Gollmann
Hello,

when doing a test upgrade from 3.0.1 to 3.1.0 all logins except for the SystemUser fail with:
> Login failed:  the GemStone userId/password combination is invalid
> or expired.

I am using GemStone authentication with no password or account aging. I suspect the problem has something to do with the change of password encryption.

Is anyone else seeing this ?

Thanks!
Georg


_______________________________________________
GemStone-Smalltalk mailing list
Archive: http://forum.world.st/Gemstone-Customers-f1461796.html
Bill Erickson
Reply | Threaded
Open this post in threaded view
|

Re: GemStone/S 64 Bit 3.1.0 login problems

Bill Erickson

Alex,

Can you try sending reasonForDisabledAccount to the UserProfile of the problematic accounts to see why they're disabled?


> From: "Georg Gollmann" <[hidden email]>
> To: [hidden email]
> Sent: Tuesday, July 10, 2012 1:07:57 AM
> Subject: [GemStone-Smalltalk] GemStone/S 64 Bit 3.1.0 login problems
>
> Hello,
>
> when doing a test upgrade from 3.0.1 to 3.1.0 all logins except for
> the SystemUser fail with:
> > Login failed:  the GemStone userId/password combination is invalid
> > or expired.
>
> I am using GemStone authentication with no password or account aging.
> I suspect the problem has something to do with the change of
> password encryption.
>
> Is anyone else seeing this ?
>
> Thanks!
> Georg
_______________________________________________
GemStone-Smalltalk mailing list
Archive: http://forum.world.st/Gemstone-Customers-f1461796.html
Bill Erickson
Reply | Threaded
Open this post in threaded view
|

Re: GemStone/S 64 Bit 3.1.0 login problems

Bill Erickson
In reply to this post by Georg Gollmann

Georg,

> > Can you try sending reasonForDisabledAccount to the UserProfile of
> > the problematic accounts to see why they're disabled?
>
> I will recheck tomorrow but as far as I remember the accounts are
> marked as not disabled and the reason is nil. Therefore I speculate
> that somehow the passwords encrypted in the pre 3.1 way are no
> longer recognized.

No, it's not that.  The password encryption didn't change between 3.X and 3.1 and our own internal QA tests don't show any problems like this during conversion.

> Are there any other things I could check?

How are you logging in?  Topaz linked, Topaz RPC, GBS, GBJ, special code?

Could you try the logins using Topaz linked running on the stone machine as a baseline case (if you haven't already) that eliminates any possible SSL complications.

And can you keep this discussion on the gemstone-smalltalk forum so we have visibility with other users and engineers?  Thanks.

Regards,
Bill Erickson
_______________________________________________
GemStone-Smalltalk mailing list
Archive: http://forum.world.st/Gemstone-Customers-f1461796.html
Bill Erickson
Reply | Threaded
Open this post in threaded view
|

Re: GemStone/S 64 Bit 3.1.0 login problems

Bill Erickson


> No, it's not that.  The password encryption didn't change between 3.X
> and 3.1...

Skip that. Yes, the encryption method for newly made passwords *did* change in 3.1 to the format used by Secure Remote Password (SRP).  However, the system is designed to still recognize and accept the older password format (although it's recommended that users update their passwords to get the greater security afforded by the SRP design).

> ... and our own internal QA tests don't show any problems like
> this during conversion.

Still true, although your scenario might follow a path we missed.  So I'll need to know more about exactly how you're configured and doing things.

So the following requested bits of info are still desired:

> > Are there any other things I could check?
>
> How are you logging in?  Topaz linked, Topaz RPC, GBS, GBJ, special
> code?
>
> Could you try the logins using Topaz linked running on the stone
> machine as a baseline case (if you haven't already) that eliminates
> any possible SSL complications.

Can you also set $GS_DEBUG_SSL_LOG_DIR to an available directory on the host and forward on the generated log file?  Also a copy of the topaz output including header information and the login sequence.

> And can you keep this discussion on the gemstone-smalltalk forum so
> we have visibility with other users and engineers?

I'm curious enough about the issue to take a closer look even though this is outside our official help support system.

Regards,
Bill Erickson
_______________________________________________
GemStone-Smalltalk mailing list
Archive: http://forum.world.st/Gemstone-Customers-f1461796.html
Bill Erickson
Reply | Threaded
Open this post in threaded view
|

Re: GemStone/S 64 Bit 3.1.0 login problems

Bill Erickson
In reply to this post by Bill Erickson
Georg,

Never mind.  I went ahead and did a 3.0.1 to 3.1 upgrade for myself and duplicated the problem.  I've filed bug 42381 on the issue.

I'm afraid you'll have to manually reset the user passwords as SystemUser.  Sorry about that.

Regards,
Bill Erickson

_______________________________________________
GemStone-Smalltalk mailing list
Archive: http://forum.world.st/Gemstone-Customers-f1461796.html
Georg Gollmann
Reply | Threaded
Open this post in threaded view
|

Re: GemStone/S 64 Bit 3.1.0 login problems

Georg Gollmann

Am 11.07.2012 um 01:36 schrieb William Erickson:

> Never mind.  I went ahead and did a 3.0.1 to 3.1 upgrade for myself and duplicated the problem.  I've filed bug 42381 on the issue.

Thanks a lot !

BTW, I was using Topaz linked on the stone machine.

> I'm afraid you'll have to manually reset the user passwords as SystemUser.  Sorry about that.

No problem since I am only testing right now.

Kind regards,
Georg


_______________________________________________
GemStone-Smalltalk mailing list
Archive: http://forum.world.st/Gemstone-Customers-f1461796.html
Free forum by Nabble Edit this page