Hash-based Authentication Broken

Bug #131357 reported by TylerEss
4
Affects Status Importance Assigned to Milestone
zoneminder (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Binary package hint: zoneminder

The ZoneMinder Streaming Server (/usr/lib/cgi-bin/zms and nph-zms) does not work with hash-based authentication. The result of this is that you cannot view monitors at all when using hash-based authentication.

From the changelog:
zoneminder (1.22.3-1) unstable; urgency=low
  * Initial Version. (closes: #248393)
  * Patched out use of openssl; uses gnutls instead for MD5 hashes.

From my limited testing, the whole ZoneMinder system got patched except for zms.

After installing from this package and enabling hash-based authentication, zms barfs this into the syslog over and over:
zms[7823]: ERR [Unable to authenticate user]
zms[7824]: ERR [You need to build with openssl installed to use hash based authentication]

Installing libssl-dev and building from official ZoneMinder source (without ubuntu patches) results in a working zms.

Seems like zms still needs to be patched.

Revision history for this message
Daniel T Chen (crimsun) wrote :

Is this symptom still reproducible in 8.10 beta or later?

Changed in zoneminder:
status: New → Incomplete
Revision history for this message
TylerEss (tsable) wrote : Re: [Bug 131357] Re: Hash-based Authentication Broken

I don't believe so. It may even be possible that the issue was
related to PHP sessions and needing to log out / back in after
changing this setting.

My ZoneMinder install is currently working correctly using the
binary package, though I don't recall exactly what steps I took to
achieve that.

I suggest chalking this one up to PEBCAK unless other users have
also reported it.

-Tyler

> Is this symptom still reproducible in 8.10 beta or later?
>
> ** Changed in: zoneminder (Ubuntu)
> Status: New => Incomplete
>

Revision history for this message
Philip Muškovac (yofel) wrote :

This bug report is being closed due to your last comment regarding this being fixed with an update. For future reference you can manage the status of your own bugs by clicking on the current status in the yellow line and then choosing a new status in the revealed drop down box. You can learn more about bug statuses at https://wiki.ubuntu.com/Bugs/Status. Thank you again for taking the time to report this bug and helping to make Ubuntu better. Please submit any future bugs you may find. And sorry for the slow response.

Changed in zoneminder (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.