No Login possible

[bjwelker]

I try the Web GUI make everthing whats in the installation manual but i only get You must be logged in to view this page! after loggin in with pi user. The Programm chkpasswd return Authenticated when i run int via console

[mitchellurgero]

What version of Raspbian are you using? Also, check sudoers file: does it have pi with nopasswd? (When you use sudo, does it ask for a password?)

[bjwelker]

Hi, newest Jessie Lite Image And the sudoers file got nopasswd inside.

[mitchellurgero]

Can you send me the file "/var/log/apache2/error.log"?

[lukeismighty]

I am having the same issue on the jessie lite image. I've installed apache2 and such from the guide and the only error that comes up in the apache2 error.log is this:

sudo: no tty present and no askpass program specified

Thats it. The site complained at first about not being able to write to the app/auth_log folder, so I changed the folder ownership of the openrsd folder to the same user as in the apache2.conf file, so that error went away.

I'm not using it under the pi user, they've been deleted, but it is running under my user account that has all the same rights and such, basically just a different name. I did try it once with the pi user, which looked like it logged in, but the middle of the page only displayed that I needed to be authenticated (or logged in?) to view that page. Everything I clicked on displayed the same, except the logout, which logged me out.

[mitchellurgero]

I'll update the readme. The user that apache is running as needs nopasswd in the Sudo file (google how to disable Sudo password prompt for a specific user)

The next update I put up will allow Sudo password to avoid this issue.

Thanks for the explanation.

The reason this happens is because Sudo command prompts for password (which for a RPI it doesn't technically need to.) Now although this presents a security risk in the real world, as long as the RPI is not internet accessible (like you open ssh on your modem/router to access the pi remotely) using Sudo without a password is relatively safe.

[lukeismighty]

That fixes the login and THANKS!

I agree with the relatively safe conjecture. Would there be a downside to denying the nopassword sudo user account to not be able to ssh into the machine? That wouldn't block anything with the openrsd would it?

[mitchellurgero]

setting up Sudo to not use a password will not affect anything other than the Sudo command.

I am currently working on allowing openrsd to work properly with Sudo using a password. I didn't originally because its a pain in the ass to do in php as there is no readily API for it. However for now I would recommend using Sudo with nopasswd enabled in sudoers file for the user apache is running under.

[yustmenl]

I also can't log in and i have the password disabled in the sudoers file. and stil it keeps saying username and password incorrect although they are correct.

I checked the file "/var/log/apache2/error.log" and it was empty.

Any ideas?

Edit: after trying i get to the message to many loggons

[mitchellurgero]

Unblock your computer(blocked folder will have a list of blocked ips), reset the user passwd for pi and try again. Please make sure the user apache is running as does not ask for a password when running sudo. (To test: sudo whoami and it should return "root" without asking for a password)

[maxwowpow]

There is this article, where programs allowed to run as root explicitly (so we don't allow everything): http://unix.stackexchange.com/questions/79960/how-to-disable-requiretty-for-a-single-command-in-sudoers.

nginx ALL = (root) NOPASSWD: /path/to/program
Defaults!/path/to/program !requiretty

How many programs (approx.) does the GUI need to run?

For NGINX people with php7.0-fpm - default php user is "www-data", so if you want to test it out, you can allow sudo without password for this user (nginx keeps running as a normal user then)

[mitchellurgero]

Because OpenRSD has the option to run ANY program sudo nopasswd for all commands is required. (Which should be OK as long as the RPi is NOT internet facing.)

[CS-5]

Are there plans to allow for passwords in future versions?

[mitchellurgero]

For sudo? Yes there is - but this project is currently on the back burners for now.