TYPO3 – Backend Login with RSA after server changes on CentOS

Question

I recently made a few server changes concerning and PHP-xml updates – unfortunately I can't really put my finger on what I exactly did.

After the changes we have not been able to log into the backend again. Only if we configure $TYPO3_CONF_VARS['BE']['loginSecurityLevel'] to be "normal" in the install tool.

If I try to login with the settings switch to "rsa", I get an error, that my password is wrong.

I cannot find any error logs referencing this problem in the php logs nor in the admin logs in the TYPO3 backend.

I already traced the network connection with the "rsa" setting. The browser makes a JavaScript request which does not fail and then sands a hash to the server in the HTTP header. I guess that procedure is working.

I guessed that it could be a malfunctioning OpenSSL configuration, but the install tool says: "PHP OpenSSL extension installed properly".

Server specifications:

• CentOS 6.5 with SELinux in the Microsoft Azure cloud
• PHP Version is 5.5.20
• Apache Version is 2.2.22
• TYPO3 Version is 6.2.6

Has anybody an idea, what could be wrong?

Answer 1

A friend of mine solved the issue. We had a vhost constellation with each web root folder belonging to a different system user. This resulted in an error on writing the php session (using a different system user on every project).

Set permission for the php session folder (only the folder not the files within!) to 777. The session folder belongs to a different non project specific system user (apache/www-data/whatever).

chmod 0777 /var/lib/php/session

Now every system user for every project has the rights to write a session. The session files itself get more restrictive rights anyway.