What are the default authentication credentials
Closed this issue · 16 comments
I am playing around w/ this project and I am getting an auth error locally
jdyer@retina:~ » repoclient -s localhost -p 8080 create foo 1 ↵
ERROR: Got unexpected status code 401. Expected 201.
The server said:
<html><head><title>Apache Tomcat/7.0.40 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 401 - Full authentication is required to access this resource</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Full authentication is required to access this resource</u></p><p><b>description</b> <u>This request requires HTTP authentication.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/7.0.40</h3></body></html>
jdyer@retina:~ »
What is the default username / password ?
Did you try to use a user/password known to the system?
On 28 October 2013 15:53, John Dyer notifications@github.com wrote:
I am playing around w/ this project and I am getting an auth error locally
jdyer@retina:~ » repoclient -s localhost -p 8080 create foo 1 ↵
<title>Apache Tomcat/7.0.40 - Error report</title><style></style>
ERROR: Got unexpected status code 401. Expected 201.
The server said:HTTP Status 401 - Full authentication is required to access this resource
type Status report
message Full authentication is required to access this resource
description This request requires HTTP authentication.
Apache Tomcat/7.0.40
jdyer@retina:~ »What is the default username / password ?
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29
.
See
https://github.com/ImmobilienScout24/yum-repo-server/blob/master/src/main/resources/security-context.xml,
it should be using PAM. Are you on Linux?
On 28 October 2013 16:28, John Dyer notifications@github.com wrote:
I did, but it's not working...
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-27221646
.
Per default we use 2 authentication methods.
- PAM authentication via libpam4j using the 'password-auth' service
- Whitelisted hosts that can be configured via -Dsecurity.whitelist.hosts=10.X.X.X,testserver.local
If you want to use different authentication mechanisms, you have to modify security-context.xml like Schlomo said.
Hi,
I'm running yum-repo-server on a jetty instance. I created a configuration.properties file which sets mongodb host and security.whitelist.hosts:
cat $JETTY_HOME/webapps/ROOT/WEB-INF/classes/configuration.properties
mongodb.serverlist=localhost
security.whitelist.hosts=localhost,127.0.0.1.10.0.2.15
The mongodb parameter is picked up as it should be. If I delete the parameter yum-repo-server won't start because it's a required param.
The whitelist.hosts param doesn't do what I expected it to do. I installed yum-repo-client on the same machine. If I create a repo using the PAM authentication it works just fine.
But since I want to script the upload of RPM's an interactive way of authentication isn't what I want so I hoped the whitelist could tackle that one. Unfortunately it doesn't in my case:
$ repoclient create test-repo
ERROR: Got unexpected status code 401. Expected 201.
The server said:
## HTTP ERROR 401
Problem accessing /repo/. Reason:
Full authentication is required to access this resource
* * *
_Powered by Jetty://_
* * *
> <body>
Any ideas what I'm doing wrong?
The whitelist should to what you want, problem could be that there is a dot between the two ip addresses and not a comma
localhost,127.0.0.1.10.0.2.15
Hi I hoped it was that easy, but after I changed it to:
security.whitelist.hosts=localhost,127.0.0.1,10.0.2.15
The issue is still the same I'm afraid..
repoclient create test-repo
ERROR: Got unexpected status code 401. Expected 201.
The server said:
## HTTP ERROR 401
Problem accessing /repo/. Reason:
Full authentication is required to access this resource
* * *
_Powered by Jetty://_
* * *
> <body>
Hm, did you try to give the hostname instead of localhost, i think we do a Reverse lookup. Sorry can not check the code right now. Oli
Von meinem iPhone gesendet
Am 26.04.2014 um 13:30 schrieb Jan Collijs notifications@github.com:
Hi I hoped it was that easy, but after I changed it to:
security.whitelist.hosts=localhost,127.0.0.1,10.0.2.15
The issue is still the same I'm afraid..repoclient create test-repo
ERROR: Got unexpected status code 401. Expected 201.
The server said:HTTP ERROR 401
Problem accessing /repo/. Reason:
Full authentication is required to access this resource
Powered by Jetty://
— Reply to this email directly or view it on GitHub.
@visibilityspots I use the hostname in my whitelist config and i can upload RPM:s without interactive authentication. You may also have to restart the application after a config change.
It does not work by changing to the hostname overhere.
After every change I do restart the jetty server so the modified configuration could be picked up..
but the command repoclient create still refuses because of Full authentication is required to the resource..
Hm, maybe it helps to change logging settings for HostnameResolver to see
against what hostname the whitelist Filter checks.
add the next three lines to the log4j.xml file.
should deliver a log output like :
resolved hostname for {} is {}
where in place ot the first {} it should be what the server read from the
request, and the second {} is the resulting hostname usde for hostname
validation.
In our config I see, that we use full qualified host names, by the way.
2014-04-28 11:43 GMT+02:00 Jan Collijs notifications@github.com:
It does not work by changing to the hostname overhere.
After every change I do restart the jetty server so the modified
configuration could be picked up..—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-41539935
.
Hi,
the output of the log is as follows when I try to create a repo with the fqdn in the security.whitelist.hosts:
2014-04-28 18:33:43,482 DEBUG [host=] [user=] de.is24.infrastructure.gridfs.http.utils.HostnameResolver - resolved hostname for 0:0:0:0:0:0:0:1 is 0:0:0:0:0:0:0:1
This looks like an IPv6 Address, try adding this address to your whitelist.
2014-04-28 20:47 GMT+02:00 Jan Collijs notifications@github.com:
Hi,
the output of the log is as follows when I try to create a repo with the
fqdn in the security.whitelist.hosts:2014-04-28 18:33:43,482 DEBUG [host=] [user=] de.is24.infrastructure.gridfs.http.utils.HostnameResolver - resolved hostname for 0:0:0:0:0:0:0:1 is 0:0:0:0:0:0:0:1
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-41597451
.
And your machine does not seam to be able to lookup the loopback
address 0:0:0:0:0:0:0:1
to localhost.
Just adding some unit tests to cover this case.
2014-04-28 21:33 GMT+02:00 Oliver Schmitz-Hennemann oli99sc@gmail.com:
This looks like an IPv6 Address, try adding this address to your whitelist.
2014-04-28 20:47 GMT+02:00 Jan Collijs notifications@github.com:
Hi,
the output of the log is as follows when I try to create a repo with the
fqdn in the security.whitelist.hosts:2014-04-28 18:33:43,482 DEBUG [host=] [user=] de.is24.infrastructure.gridfs.http.utils.HostnameResolver - resolved hostname for 0:0:0:0:0:0:0:1 is 0:0:0:0:0:0:0:1
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-41597451
.
IP detection was not working for IPv6, see commit for issue #41.
travis build is green, should work now (matching localhost)
2014-04-28 22:22 GMT+02:00 Oliver Schmitz-Hennemann oli99sc@gmail.com:
And your machine does not seam to be able to lookup the loopback address 0:0:0:0:0:0:0:1
to localhost.
Just adding some unit tests to cover this case.2014-04-28 21:33 GMT+02:00 Oliver Schmitz-Hennemann oli99sc@gmail.com:
This looks like an IPv6 Address, try adding this address to your whitelist.
2014-04-28 20:47 GMT+02:00 Jan Collijs notifications@github.com:
Hi,
the output of the log is as follows when I try to create a repo with the
fqdn in the security.whitelist.hosts:2014-04-28 18:33:43,482 DEBUG [host=] [user=] de.is24.infrastructure.gridfs.http.utils.HostnameResolver - resolved hostname for 0:0:0:0:0:0:0:1 is 0:0:0:0:0:0:0:1
—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-41597451
.
yes, it works now. Now I can start finalizing my puppet-modules for both client and server and looking in the functionality.
Thanks a lot for the time and effort you've spent to solve this! I really appreciate it!