Did you try to use a user/password known to the system?

On 28 October 2013 15:53, John Dyer [email protected] wrote:

I am playing around w/ this project and I am getting an auth error locally

jdyer@retina:~ » repoclient -s localhost -p 8080 create foo 1 ↵
ERROR: Got unexpected status code 401. Expected 201.
The server said:

<title>Apache Tomcat/7.0.40 - Error report</title><style></style>

HTTP Status 401 - Full authentication is required to access this resource

---

type Status report

message Full authentication is required to access this resource

description This request requires HTTP authentication.

---

Apache Tomcat/7.0.40

jdyer@retina:~ »

What is the default username / password ?

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29
.

from yum-repo-server.

@schlomo , no I hadn't tried that yet, but I just did and it didn't work

from yum-repo-server.

See
https://github.com/ImmobilienScout24/yum-repo-server/blob/master/src/main/resources/security-context.xml,
it should be using PAM. Are you on Linux?

On 28 October 2013 16:28, John Dyer [email protected] wrote:

I did, but it's not working...

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-27221646
.

from yum-repo-server.

Per default we use 2 authentication methods.

1. PAM authentication via libpam4j using the 'password-auth' service
2. Whitelisted hosts that can be configured via -Dsecurity.whitelist.hosts=10.X.X.X,testserver.local

If you want to use different authentication mechanisms, you have to modify security-context.xml like Schlomo said.

from yum-repo-server.

Hi,

I'm running yum-repo-server on a jetty instance. I created a configuration.properties file which sets mongodb host and security.whitelist.hosts:

cat $JETTY_HOME/webapps/ROOT/WEB-INF/classes/configuration.properties

mongodb.serverlist=localhost
security.whitelist.hosts=localhost,127.0.0.1.10.0.2.15

The mongodb parameter is picked up as it should be. If I delete the parameter yum-repo-server won't start because it's a required param.

The whitelist.hosts param doesn't do what I expected it to do. I installed yum-repo-client on the same machine. If I create a repo using the PAM authentication it works just fine.

But since I want to script the upload of RPM's an interactive way of authentication isn't what I want so I hoped the whitelist could tackle that one. Unfortunately it doesn't in my case:

$ repoclient create test-repo
ERROR: Got unexpected status code 401. Expected 201.
The server said:
## HTTP ERROR 401

Problem accessing /repo/. Reason:


        Full authentication is required to access this resource

* * *

_Powered by Jetty://_

* * *

> <body>

Any ideas what I'm doing wrong?

from yum-repo-server.

The whitelist should to what you want, problem could be that there is a dot between the two ip addresses and not a comma

localhost,127.0.0.1.10.0.2.15

from yum-repo-server.

Hi I hoped it was that easy, but after I changed it to:

security.whitelist.hosts=localhost,127.0.0.1,10.0.2.15

The issue is still the same I'm afraid..

repoclient create test-repo
ERROR: Got unexpected status code 401. Expected 201.
The server said:
## HTTP ERROR 401
Problem accessing /repo/. Reason:
        Full authentication is required to access this resource
* * *
_Powered by Jetty://_
* * *
> <body>

from yum-repo-server.

Hm, did you try to give the hostname instead of localhost, i think we do a Reverse lookup. Sorry can not check the code right now. Oli

Von meinem iPhone gesendet

Am 26.04.2014 um 13:30 schrieb Jan Collijs [email protected]:

Hi I hoped it was that easy, but after I changed it to:

security.whitelist.hosts=localhost,127.0.0.1,10.0.2.15
The issue is still the same I'm afraid..

repoclient create test-repo
ERROR: Got unexpected status code 401. Expected 201.
The server said:

HTTP ERROR 401

Problem accessing /repo/. Reason:
Full authentication is required to access this resource

---

Powered by Jetty://

---

— Reply to this email directly or view it on GitHub.

from yum-repo-server.

@visibilityspots I use the hostname in my whitelist config and i can upload RPM:s without interactive authentication. You may also have to restart the application after a config change.

from yum-repo-server.

It does not work by changing to the hostname overhere.

After every change I do restart the jetty server so the modified configuration could be picked up..

but the command repoclient create still refuses because of Full authentication is required to the resource..

from yum-repo-server.

Hm, maybe it helps to change logging settings for HostnameResolver to see
against what hostname the whitelist Filter checks.

add the next three lines to the log4j.xml file.

should deliver a log output like :
resolved hostname for {} is {}
where in place ot the first {} it should be what the server read from the
request, and the second {} is the resulting hostname usde for hostname
validation.

In our config I see, that we use full qualified host names, by the way.

2014-04-28 11:43 GMT+02:00 Jan Collijs [email protected]:

It does not work by changing to the hostname overhere.

After every change I do restart the jetty server so the modified
configuration could be picked up..

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-41539935
.

from yum-repo-server.

Hi,

the output of the log is as follows when I try to create a repo with the fqdn in the security.whitelist.hosts:

2014-04-28 18:33:43,482 DEBUG [host=] [user=] de.is24.infrastructure.gridfs.http.utils.HostnameResolver - resolved hostname for 0:0:0:0:0:0:0:1 is 0:0:0:0:0:0:0:1

from yum-repo-server.

This looks like an IPv6 Address, try adding this address to your whitelist.

2014-04-28 20:47 GMT+02:00 Jan Collijs [email protected]:

Hi,

the output of the log is as follows when I try to create a repo with the
fqdn in the security.whitelist.hosts:

2014-04-28 18:33:43,482 DEBUG [host=] [user=] de.is24.infrastructure.gridfs.http.utils.HostnameResolver - resolved hostname for 0:0:0:0:0:0:0:1 is 0:0:0:0:0:0:0:1

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-41597451
.

from yum-repo-server.

And your machine does not seam to be able to lookup the loopback
address 0:0:0:0:0:0:0:1
to localhost.
Just adding some unit tests to cover this case.

2014-04-28 21:33 GMT+02:00 Oliver Schmitz-Hennemann [email protected]:

This looks like an IPv6 Address, try adding this address to your whitelist.

2014-04-28 20:47 GMT+02:00 Jan Collijs [email protected]:

Hi,

the output of the log is as follows when I try to create a repo with the
fqdn in the security.whitelist.hosts:

2014-04-28 18:33:43,482 DEBUG [host=] [user=] de.is24.infrastructure.gridfs.http.utils.HostnameResolver - resolved hostname for 0:0:0:0:0:0:0:1 is 0:0:0:0:0:0:0:1

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-41597451
.

from yum-repo-server.

IP detection was not working for IPv6, see commit for issue #41.
travis build is green, should work now (matching localhost)

2014-04-28 22:22 GMT+02:00 Oliver Schmitz-Hennemann [email protected]:

And your machine does not seam to be able to lookup the loopback address 0:0:0:0:0:0:0:1
to localhost.
Just adding some unit tests to cover this case.

2014-04-28 21:33 GMT+02:00 Oliver Schmitz-Hennemann [email protected]:

This looks like an IPv6 Address, try adding this address to your whitelist.

2014-04-28 20:47 GMT+02:00 Jan Collijs [email protected]:

Hi,

the output of the log is as follows when I try to create a repo with the
fqdn in the security.whitelist.hosts:

2014-04-28 18:33:43,482 DEBUG [host=] [user=] de.is24.infrastructure.gridfs.http.utils.HostnameResolver - resolved hostname for 0:0:0:0:0:0:0:1 is 0:0:0:0:0:0:0:1

—
Reply to this email directly or view it on GitHubhttps://github.com//issues/29#issuecomment-41597451
.

from yum-repo-server.

yes, it works now. Now I can start finalizing my puppet-modules for both client and server and looking in the functionality.

Thanks a lot for the time and effort you've spent to solve this! I really appreciate it!

from yum-repo-server.