Upgrade from 2.1.14-1 to 2.1.15 - Authorization failed.

Hello,
I’m in the process of upgrading a mailman 2.1.14-1 installation to a 2.1.15 installation.
Basically I have a 2.1.14 and 2.1.15 in their own folders and created a symbolic link to name ‘mailman’ when switching between the two.
In addition I’ve centralized my ‘archives’ and ‘lists’ folders and have symbolic links in the 2.1.14 and 2.1.15 folders to share these folders.
When I attempt to login to a private list using 2.1.14 I’m able to get to the list with my password.
However, if I switch over to 2.1.15 I get an “Authorization failed.” error.
Interestingly on my test machine I have an identical configuration, just the host name is different. And switch between 2.1.14 & 2.1.15 do not get the “Authorization failed.” error.
Anyone have any idea in what I might check to resolve this error with the password?
thanks,
Patrick

On 10/5/2012 4:34 PM, Patrick wrote:
When I attempt to login to a private list using 2.1.14 I’m able to get to the list with my password.
However, if I switch over to 2.1.15 I get an “Authorization failed.” error.
Interestingly on my test machine I have an identical configuration, just the host name is different. And switch between 2.1.14 & 2.1.15 do not get the “Authorization failed.” error.
Anyone have any idea in what I might check to resolve this error with the password?
Look at the action URL in the form tag on the login page. Is it what you expect? is it a URL that is redirected in your web server? See the FAQs at <http://wiki.list.org/x/loA9> and <http://wiki.list.org/x/ioA9>.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan

Look at the action URL in the form tag on the login page. Is it what you expect?
Yes, it is correct. A fully qualified name. Apache is not doing any redirection.
I've tried:
$prefix/bin/withlist -l -r fix_url listname
and
arch --wipe listname
Can you please point to what .py file and section I might add some debug output so I might better understand what's being evaluated to cause a "Authorization failed" error?
Thanks!
On Sun, Oct 7, 2012 at 9:17 PM, Mark Sapiro <mark@msapiro.net> wrote:
On 10/5/2012 4:34 PM, Patrick wrote:
When I attempt to login to a private list using 2.1.14 I’m able to get to the list with my password.
However, if I switch over to 2.1.15 I get an “Authorization failed.” error.
Interestingly on my test machine I have an identical configuration, just the host name is different. And switch between 2.1.14 & 2.1.15 do not get the “Authorization failed.” error.
Anyone have any idea in what I might check to resolve this error with the password?
Look at the action URL in the form tag on the login page. Is it what you expect? is it a URL that is redirected in your web server? See the FAQs at <http://wiki.list.org/x/loA9> and <http://wiki.list.org/x/ioA9>.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan

On 10/10/2012 4:29 PM, Patrick wrote:
I've tried:
[...]
arch --wipe listname
This wouldn't help as the "Authorization failed" error occurs before any attempt has been made to access the archive files.
Can you please point to what .py file and section I might add some debug output so I might better understand what's being evaluated to cause a "Authorization failed" error?
In Mailman/Cgi/private.py, look for the following lines:
if not mlist.WebAuthenticate((mm_cfg.AuthUser,
mm_cfg.AuthListModerator,
mm_cfg.AuthListAdmin,
mm_cfg.AuthSiteAdmin),
password, username):
if cgidata.has_key('submit'):
# This is a re-authorization attempt
message = Bold(FontSize('+1', _('Authorization
failed.'))).Format() # give an HTTP 401 for authentication failure print 'Status: 401 Unauthorized'
and change the single line (wrapped here)
message = Bold(FontSize('+1', _('Authorization
failed.'))).Format()
to the three lines
message = Bold(FontSize('+1',
_("""Authorization failed.
User = '%(username)s'; Password = '%(password)s'"""))).Format()
This will display the Email address and Password being validated. If you think the password, and Email address if the context is for a list member, should be valid as a list member, moderator, owner or site admin, look at the WebAuthenticate method in Mailman/SecurityManager.py.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (2)
-
Mark Sapiro
-
Patrick