johnathan.bell at baker
Apr 12, 2012, 8:20 AM
I'm working on upgrading our existing installation of RT 3.8.4 to RT 4.0.1, and I've encountered a bit of a strange problem. I can manually change root's password (in RT) to something that I know (such as "password") via a MySQL statement:
Upgrading 3.8.4 to 4.0.1 - Root password??
UPDATE Users SET Password=md5('password') WHERE Name='root';
… and then logging in with the set password I choose works. However, if I log out and back in, I can no longer log in again with that same password and must reset it again to gain admin access again. Furthermore, if I set the password in the GUI to something else, it doesn't appear to have an effect either, though this may be caused by the same thing.
What's really weird though, is if I watch the root password entry in the database, the hash changes when I log in. So, say I log in with "password" … it changes to what appears to be a salted SHA hash instead.
Testing this further, I decided to start the DB over from scratch. I ran the upgrade processes, including the vulnerable-passwords script to upgrade the hashes, and that worked with the old password (it even flagged root as an account to update), but once again, after that first log in, I can no longer log back in.
What's the deal? Did I just miss something? What do I need to do to get this working? If I can provide any other useful information, please let me know. This is running on an Ubuntu server (11.10) with the package-managed version of RT, which with Ubuntu is 4.0.1. The database is the only thing I ported over, as there were only a couple of small changes I made to the HTML code, I figured the pages would be different enough that I'd need to just re-do them anyway.
Internet System Administrator, Baker College
Office Hours: 7A-4P Eastern, M-F