Policy manager can't use the same atSign as a device connected to the policy manager.

Question

Policy manager can't use the same atSign as a device connected to the policy manager.

Opened this issue 2 months ago · 0 comments

Describe the bug

When an atSign is (re)used for both the policy manager and a device connected to that policy manager it first looks like a correct authorization response:

Sep 24 14:19:21 jumpbox sshnpd[12522]: INFO|2024-09-24 14:19:21.621736| sshnpd |Got response {authorized: true, message: @cpswan has permission for device jumpbox and/or device group __none__ at daemon @jarheaddetailed, permitOpen: [localhost:22, localhost:3000]}

But then:

Sep 24 14:19:21 jumpbox sshnpd[12522]: WARNING|2024-09-24 14:19:21.622105| sshnpd |Ignoring auth check response (received after future completion) from @jarheaddetailed : {reqId: 1727187561506555, respType: success, payload: {authorized: true, message: @cpswan has permission for device jumpbox and/or device group __none__ at daemon @jarheaddetailed, permitOpen: [localhost:22, localhost:3000]}, message: null}

Steps to reproduce

First I install a daemon (using release 5.6.1)
Then I install an APKAM key
And then edit the systemd unit to use policy
And install the 5.7.0-alpha6 policy manager
Use the same atSign for both the daemon and policy manager

Expected behavior

A single atSign can be (re)used for both purposes