Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannont authenticate clients using only ssl certificate #153

Open
davisj opened this issue Jan 24, 2014 · 1 comment
Open

Cannont authenticate clients using only ssl certificate #153

davisj opened this issue Jan 24, 2014 · 1 comment

Comments

@davisj
Copy link
Contributor

davisj commented Jan 24, 2014

Both client and server are v1.3.3.

Clients receive "Unauthorized (401)" errors when trying to authenticate using only certificates.

The output on the server states...

No authentication data presented

Which comes from Bcfg2.SSLServer.XMLRPCRequestHandler.authenticate
Where it is looking for an "Authorization" header which the client does not appear to be providing.

Here's the clients [communication] section from bcfg2.conf

[communication]
authentication = cert
protocol = xmlrpc/ssl
certificate = /etc/pki/tls/certs/bcfg2client.crt
key = /etc/pki/tls/private/bcfg2client.key
ca = /etc/pki/tls/certs/bcfg2ca.crt

There is no entry for the client in clients.xml as we're using...

[metadata]
use_database = True

Cert authentication does work when we provide a clients.xml record and specify auth='cert'.

@JackSlateur
Copy link

It seems that a password must be configured, on the client
Just add a dummy password = under the communication section

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants