Issue logging into staff interface [Plack log complains about missing encryption key]
Hello all, I’m having trouble logging into our staff interface this morning. Here’s what’s happening: * I’m running koha 23.05.04 * I get an Error 500 page after putting in my credentials * The only error message I can see in any log file is in plack-error.log * Exception 'Koha::Exceptions::MissingParameter' thrown 'No encryption_key in koha-conf.xml. Please generate a key. We recommend one of at least 32 bytes. (You might use 'pwgen 32' to do so.)' * I currently have the following line in my koha-conf.xml file, as the last entry before </config> * <!-- Added 1 Nov 2022 from warning in About page --> <encryption_key>__ENCRYPTION_KEY__</encryption_key> <!-- Added 1 Nov 2022 from warning in About page --> * I’ve tried generating a password with ‘pwd 32’, copying the first entry and replacing __ENCRYPTION_KEY__ with that entry, and have rebooted, but it didn’t make any difference so I reverted. Is this a bug? A known issue? Thanks in advance! Martin
Hi Martin, in which file did you replace it? You were on the right track there, but make sure to add the entry to the koha-conf.xml file used by your koha instances/sites. You might have changed the template instead of the used file. Hope this helps, Katrin On 10.11.23 16:02, Martin Morris wrote:
Hello all,
I’m having trouble logging into our staff interface this morning. Here’s what’s happening:
* I’m running koha 23.05.04 * I get an Error 500 page after putting in my credentials * The only error message I can see in any log file is in plack-error.log * Exception 'Koha::Exceptions::MissingParameter' thrown 'No encryption_key in koha-conf.xml. Please generate a key. We recommend one of at least 32 bytes. (You might use 'pwgen 32' to do so.)' * I currently have the following line in my koha-conf.xml file, as the last entry before </config> * <!-- Added 1 Nov 2022 from warning in About page --> <encryption_key>__ENCRYPTION_KEY__</encryption_key> <!-- Added 1 Nov 2022 from warning in About page --> * I’ve tried generating a password with ‘pwd 32’, copying the first entry and replacing __ENCRYPTION_KEY__ with that entry, and have rebooted, but it didn’t make any difference so I reverted.
Is this a bug? A known issue?
Thanks in advance!
Martin
_______________________________________________
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Hello Katrin, Thanks for your help. I edited koha-conf.xml in /etc/koha/sites/<instance>/koha-conf.xml, so I think that’s the right place? I’m also using 2FA in case that helps. Martin - - - - - - Hi Martin, in which file did you replace it? You were on the right track there, but make sure to add the entry to the koha-conf.xml file used by your koha instances/sites. You might have changed the template instead of the used file. Hope this helps, Katrin On 10.11.23 16:02, Martin Morris wrote:
Hello all,
I’m having trouble logging into our staff interface this morning. Here’s what’s happening:
* I’m running koha 23.05.04
* I get an Error 500 page after putting in my credentials
* The only error message I can see in any log file is in plack-error.log
* Exception 'Koha::Exceptions::MissingParameter' thrown 'No encryption_key in koha-conf.xml. Please generate a key. We recommend one of at least 32 bytes. (You might use 'pwgen 32' to do so.)'
* I currently have the following line in my koha-conf.xml file, as the last entry before </config>
* <!-- Added 1 Nov 2022 from warning in About page
-->
<encryption_key>__ENCRYPTION_KEY__</encryption_key>
<!-- Added 1 Nov 2022 from warning in About page
-->
* I’ve tried generating a password with ‘pwd 32’, copying the first entry and replacing __ENCRYPTION_KEY__ with that entry, and have rebooted, but it didn’t make any difference so I reverted.
Is this a bug? A known issue?
Thanks in advance!
Martin
_______________________________________________
Koha mailing list http://koha-community.org
Koha at lists.katipo.co.nz<https://lists.katipo.co.nz/mailman/listinfo/koha>
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Hi Martin, I believe that should have worked especially after your reboot. I would add the key back, as you should not leave it with the placeholder string. Maybe someone else has an idea? Katrin On 10.11.23 20:11, Martin Morris wrote:
Hello Katrin,
Thanks for your help. I edited koha-conf.xml in /etc/koha/sites/<instance>/koha-conf.xml, so I think that’s the right place?
I’m also using 2FA in case that helps.
Martin
- - - - - -
Hi Martin,
in which file did you replace it?
You were on the right track there, but make sure to add the entry to the
koha-conf.xml file used by your koha instances/sites. You might have
changed the template instead of the used file.
Hope this helps,
Katrin
On 10.11.23 16:02, Martin Morris wrote:
Hello all, I’m having trouble logging into our staff interface this morning. Here’s what’s happening: * I’m running koha 23.05.04 * I get an Error 500 page after putting in my credentials * The only error message I can see in any log file is in plack-error.log * Exception 'Koha::Exceptions::MissingParameter' thrown 'No encryption_key in koha-conf.xml. Please generate a key. We recommend one of at least 32 bytes. (You might use 'pwgen 32' to do so.)' * I currently have the following line in my koha-conf.xml file, as the last entry before </config> * <!-- Added 1 Nov 2022 from warning in About page --> <encryption_key>__ENCRYPTION_KEY__</encryption_key> <!-- Added 1 Nov 2022 from warning in About page --> * I’ve tried generating a password with ‘pwd 32’, copying the first entry and replacing __ENCRYPTION_KEY__ with that entry, and have rebooted, but it didn’t make any difference so I reverted. Is this a bug? A known issue? Thanks in advance! Martin _______________________________________________ Koha mailing list http://koha-community.org Koha at lists.katipo.co.nz<https://lists.katipo.co.nz/mailman/listinfo/koha> Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
I’ve actually spotted one other error: Error decoding what should be base32 data: vg¥ o¯Ët©¹ìd`½Ï¯ïE¤9¯yïWŽ¼«{† at /usr/share/koha/lib/C4/Auth.pm line 886. 2023/11/10-15:12:36 Received QUIT. Running a graceful shutdown Sending children hup signal 2023/11/10-15:12:37 Worker processes cleaned up 2023/11/10-15:12:37 Server closing! Could this be an issue with the encryption key? It was just randomly chosen from the options I got from pwgen 32. Thanks again! Martin
- - - - - -
Hi Martin, I believe that should have worked especially after your reboot. I would add the key back, as you should not leave it with the placeholder string. Maybe someone else has an idea? Katrin On 10.11.23 20:11, Martin Morris wrote:
Hello Katrin,
Thanks for your help. I edited koha-conf.xml in /etc/koha/sites/<instance>/koha-conf.xml, so I think that’s the right place?
I’m also using 2FA in case that helps.
Martin
- - - - - -
Hi Martin,
in which file did you replace it?
You were on the right track there, but make sure to add the entry to the
koha-conf.xml file used by your koha instances/sites. You might have
changed the template instead of the used file.
Hope this helps,
Katrin
On 10.11.23 16:02, Martin Morris wrote:
Hello all,
I’m having trouble logging into our staff interface this morning. Here’s what’s happening:
* I’m running koha 23.05.04
* I get an Error 500 page after putting in my credentials
* The only error message I can see in any log file is in plack-error.log
* Exception 'Koha::Exceptions::MissingParameter' thrown 'No encryption_key in koha-conf.xml. Please generate a key. We recommend one of at least 32 bytes. (You might use 'pwgen 32' to do so.)'
* I currently have the following line in my koha-conf.xml file, as the last entry before </config>
* <!-- Added 1 Nov 2022 from warning in About page
-->
<encryption_key>__ENCRYPTION_KEY__</encryption_key>
<!-- Added 1 Nov 2022 from warning in About page
-->
* I’ve tried generating a password with ‘pwd 32’, copying the first entry and replacing __ENCRYPTION_KEY__ with that entry, and have rebooted, but it didn’t make any difference so I reverted.
Is this a bug? A known issue?
Thanks in advance!
Martin
_______________________________________________
Koha mailing list http://koha-community.org
Koha at lists.katipo.co.nz<https://lists.katipo.co.nz/mailman/listinfo/koha>
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
_______________________________________________
Koha mailing list http://koha-community.org
Koha at lists.katipo.co.nz<https://lists.katipo.co.nz/mailman/listinfo/koha>
Unsubscribe: https://lists.katipo.co.nz/mailman/listinfo/koha
Hi Martin This is what I tried, not sure whether this helps or not.... as it is not something I know a great deal about. Using the koha-testing-docker (or KTD, the environment used for testing by many in the Koha Community), I set an encryption key, enabled the two-factor authentication system preference, then set up 2FA for a patron - could log in OK (used Aegis as my authenticator app). If I changed the encryption key, then restarted everything, I can no longer log in - the code I enter from the App doesn't work, and I get an error trace: Error decoding what should be base32 data: ��gHZxr �ZCP���*9i �� at /kohadevbox/koha/C4/Auth.pm line 886. at /usr/lib/x86_64-linux-gnu/perl-base/Carp.pm line 289 So, maybe changing the encryption key is a bad thing with 2FA already enabled is? A relatively recent change in behavour (added in 23.05.01, 22.11.07) was made by bug 33934 ( https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33934), which doesn't allow the use of __ENCRYPTION_KEY__ - it needs to be something else other than this. Maybe this is an unintended consequence of that change? I'll let others comment on that if that is the case. To resolve the issue, I changed the user in the database - I could then log in again (I'm not sure whether this is the right way, but it worked for me): update borrowers set auth_method="password" where borrowernumber="XXXX"; I'm not really sure how this should be managed - that is, if you change your encryption key, then all your patrons with two-factor authentication set up won't be able to log in. David Nind New Zealand
Hi David That did it, thank you! Switching from 2FA back to Password, and then reenabling 2FA in the interface works perfectly. Thank you very much for this. It does indeed look like an unintended consequence of that change – so I’ll file a bug. Thanks again, Martin From: David Nind <david@davidnind.com> Date: Friday, 10 November 2023 at 17:23 To: Martin Morris <martinbmorris@gmail.com> Cc: koha@lists.katipo.co.nz <koha@lists.katipo.co.nz> Subject: Re: [Koha] Issue logging into staff interface [Plack log complains about missing encryption key] Hi Martin This is what I tried, not sure whether this helps or not.... as it is not something I know a great deal about. Using the koha-testing-docker (or KTD, the environment used for testing by many in the Koha Community), I set an encryption key, enabled the two-factor authentication system preference, then set up 2FA for a patron - could log in OK (used Aegis as my authenticator app). If I changed the encryption key, then restarted everything, I can no longer log in - the code I enter from the App doesn't work, and I get an error trace: Error decoding what should be base32 data: ��gHZxr �ZCP���*9i �� at /kohadevbox/koha/C4/Auth.pm line 886. at /usr/lib/x86_64-linux-gnu/perl-base/Carp.pm line 289 So, maybe changing the encryption key is a bad thing with 2FA already enabled is? A relatively recent change in behavour (added in 23.05.01, 22.11.07) was made by bug 33934 (https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=33934), which doesn't allow the use of __ENCRYPTION_KEY__ - it needs to be something else other than this. Maybe this is an unintended consequence of that change? I'll let others comment on that if that is the case. To resolve the issue, I changed the user in the database - I could then log in again (I'm not sure whether this is the right way, but it worked for me): update borrowers set auth_method="password" where borrowernumber="XXXX"; I'm not really sure how this should be managed - that is, if you change your encryption key, then all your patrons with two-factor authentication set up won't be able to log in. David Nind New Zealand
participants (3)
-
David Nind -
Katrin Fischer -
Martin Morris