I am trying to create a Windows-based image on OpenStack using glance. I get an error about the authentication plugin. I am able to retrieve a token using keystone (token-get). Here is my error:
root#Machine:~# glance --os-username USER --os-password PASS --os-project-domain-name windows --os-project-name windows --os-auth-url http://Controller:35357/v2.0 image-create --name="win8" --property vm_mode=HVM --is-public=true --container-format=ovf --disk-format=vhd < tarred.tgz
An auth plugin is required to fetch a token
To avoid this problem, add the OpenStack environment variables:
source admin-openrc.sh
I'm trying to implement an unattended script accessing files within OneDrive using Microsoft365R.
I've set up everything like in the docs using the default app registration.
The interactive flow with auth_type="device_code" works without issues:
odb <- Microsoft365R::get_business_onedrive(auth_type="device_code")
But when trying auth_type="resource_owner" like shown in the docs here, I get the following error:
odb <- Microsoft365R::get_business_onedrive(tenant=tenant, app=app, username=user, password=getPass(), auth_type="resource_owner")
Error in process_aad_response(res) :
Bad Request (HTTP 400). Failed to obtain Azure Active Directory token. Message:
AADSTS50126: Error validating credentials due to invalid username or password.
My guess is that the default app is missing some privileges to use the "resource_owner" flow.
Can someone point me in the right direction on how to get the resource_owner flow working?
(Using Service Principals is not a solution for my setup, but I did also try it with a dedicated service account and it was not working either)
I am using saltstack state script to create a jar from BitBucket and upload the jar to Artifactory. When uploading to Artifactory I see an authorization error. I am not sure if this is the right approach to achieve the upload to Artifactory.
I tried using curl to achieve the upload. I need to provide -u myUser:myPassword along with the curl command for it to work. I cannot provide the credentials in my salt state scripts. I am looking for a better option to achieve the upload without using login credentials. How to upload artifacts to artifactory using saltstack?
curl -X PUT -T /tmp/Batch.jar http://artifactory/artifactory/Batch.jar
Error:
stdout:
{
\"errors\" : [ {
\"status\" : 401,
\"message\" : \"Unauthorized\"
} ]
}
I've run into this sort of thing a couple of times. The easiest solution is to write a small salt execution module to do this work. This way you can store the artifactory credentials as pillar data and use the normal python requests or salt http helpers to make the web requests.
Looks like salt stack provides a module for artifactory already: https://docs.saltstack.com/en/latest/ref/modules/all/salt.modules.artifactory.html
It may not do exactly what you're looking for, but you could definitely extend it: https://github.com/saltstack/salt/blob/develop/salt/modules/artifactory.py
The saltstack docs for writing execution modules can be found here:
https://docs.saltstack.com/en/latest/ref/modules/
According to Artifactory documentation, the REST API supports these forms of authentication:
Basic authentication using your username and password
[Simplest] Basic authentication using your username and API Key.
Using a dedicated header (X-JFrog-Art-Api) with your API Key.
Using an access token instead of a password for basic authentication.
[Recommended] Using an access token as a bearer token in an authorization header (Authorization: Bearer) with your access token.
You will have to choose one of the above.
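The execution-module approach suggested above, combined with the bearer-token option from this list, as an added example that is not part of the original answers or of Salt's own artifactory module. The module name, the function names and the pillar keys artifactory:url and artifactory:access_token are assumptions.

```python
# Added example: sketch of a custom Salt execution module
# (e.g. salt://_modules/artifactory_upload.py; the name is an assumption).
import urllib.error
import urllib.request
from urllib.parse import quote, urlsplit

# Pillar keys are assumptions; keep the token in pillar, not in the state file.
PILLAR_URL = "artifactory:url"
PILLAR_TOKEN = "artifactory:access_token"


def build_request(base_url, token, repo_path, data):
    """Build the PUT request, sending the token as 'Authorization: Bearer'."""
    if urlsplit(base_url or "").scheme != "https":
        raise ValueError("refusing to send a token over a non-HTTPS URL")
    if not token:
        raise ValueError("no access token found in pillar")
    url = base_url.rstrip("/") + "/" + quote(repo_path.lstrip("/"))
    req = urllib.request.Request(url, data=data, method="PUT")
    req.add_header("Authorization", "Bearer " + token)
    return req


def deploy(local_path, repo_path):
    """Upload local_path to repo_path; the result never contains the token."""
    get = __salt__["pillar.get"]  # __salt__ is injected by the Salt loader
    with open(local_path, "rb") as fh:
        req = build_request(get(PILLAR_URL), get(PILLAR_TOKEN), repo_path, fh.read())
    try:
        with urllib.request.urlopen(req, timeout=60) as resp:
            return {"result": True, "status": resp.status}
    except urllib.error.HTTPError as exc:
        # e.g. 401 Unauthorized when the token is missing or rejected
        return {"result": False, "status": exc.code}
```

A state can then call the function through module.run, so no username or password appears in the state file or on the curl command line.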
I'd like to assign multiple user assigned managed service identities to a VM Scale Set in Azure. I can do so by following the docs.
What I have not figured out yet is how I can request a token for a specific identity. The docs for requesting a token via the IMDS endpoint do not mention any request parameters for specifying e.g. a clientId.
Any clues?
Christian,
You can request tokens for a particular managed identity by passing in the client_id or object_id in the request. For example:
curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https://management.azure.com/&object_id=<USERASSIGNED_OBJECT_ID>' -H Metadata:true -s
Our docs are being updated right now to properly include this info. Thanks for the note! :)
-Arturo
Previous answers provide the right pointer.
If you are using Azure SDKs to write your code, then you can use Azure.Identity library and the DefaultAzureCredential object as described here - https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme#specifying-a-user-assigned-managed-identity-with-the-defaultazurecredential
RStudio Server authentication with libpam-pwdfile
I'm developing a Vagrant box with a full analytic stack and this includes, ofc, an RStudio Server instance.
I decided to use this pam module https://github.com/tiwe-de/libpam-pwdfile as it allows authenticating against a pwd file. This allows me to let users access RStudio without the need to make them server users.
But I'm not able to authenticate at all!
I've added these two files to my setup:
/etc/rstudio/passwd
jdoe:s/NKv5DK33kxQ
(the password was made using mkpasswd using crypt)
/etc/pam.d/rstudio
auth required pam_pwdfile.so pwdfile=/etc/rstudio/passwd
account required pam_permit.so
session required pam_permit.so
password required pam_deny.so
When I perform a pamtester --verbose rstudio jdoe authenticate as the user rstudio-server I get authentication successful.
But I am still not able to log in to RStudio.
Looking into /var/log/auth.log I can see some lines:
PAM unable to dlopen(pam_permit.so#015): /lib/security/pam_permit.so#015: cannot open shared object file: No such file or directory
PAM adding faulty module: pam_permit.so#015
PAM unable to dlopen(pam_deny.so#015): /lib/security/pam_deny.so#015: cannot open shared object file: No such file or directory
PAM adding faulty module: pam_deny.so#015
This happens when I insert a valid user (with either the right or a wrong password).
Only if I insert a fake user at the login screen do I get an additional line pam_pwdfile(rstudio:auth): user not found in password database.
I'm totally puzzled why these files are not found: they are not in /lib/security but actually in /lib/x86_64-linux-gnu/security/.
Is it because of these missing files that I cannot log in?
I am trying to run the pushtest sample that ships with the iOS SDK. In the .m file I have replaced the org name, app name and notifier name (which I have named 'apple'). I have the provisioning set up for my iPad. When I run the code, I don't see any window asking me to allow push notifications. On clicking the push to this device, the terminal spits out this error:
2014-01-30 14:04:20.525 Push Test[2970:60b] displaying alert. title: Error, message: {"error":"unauthorized","timestamp":1391119457656,"duration":0,"exception":"org.apache.shiro.authz.UnauthorizedException","error_description":"Subject does not have permission [applications:post:ed031740-7e90-11e3-a906-25e89414fcd7:/notifications]"}
I believe this is because the app has not obtained push permission, however, the alert window asking for this was not presented in the first case. How can I fix this?
"error":"unauthorized"
This is an indication that your request requires authentication and you're not authorized to access the endpoint.
Push notifications out of the box require authentication - either an access_token (recommended) or client_id/secret. Try including the access_token in your header (instructions here).
If you want to disable authentication, you can add the GUEST role to /notifications (instructions here).
You need to give permissions to your application role:
curl -X POST "https://api.usergrid.com///roles/" -d '{"name":"nameforrole","title":"titleforrole","permission" : "GET,PUT,POST,DELETE:/users/me/**"}'