openstack keystone and kerberos
I have integrated OpenStack and Kerberos using the link provided here: https://www.jamielennox.net/blog/2015/02/12/step-by-step-kerberized-keystone/
It is successfully installed and I am able to perform kinit authentication successfully:
kinit userId
But when I try to perform 'openstack token issue' / any command using openstack,
I get a 401 Unauthorized exception like below:
Auth plugin v3kerberos selected
auth_config_hook(): 'auth_type': 'v3kerberos', 'beta_command': False, u'compute_api_version': u'2', 'key': None, u'database_api_version': u'1.0', 'metrics_api_version': '1', u'metering_api_version': u'2', 'auth_url': 'http://openstack.companyipasub.com:5000/krb/v3/', 'additional_user_agent': [('osc-lib', '1.11.1')], u'network_api_version': u'2', u'message': u'', u'image_format': u'qcow2', 'networks': , u'image_api_version': u'2', u'clustering_api_version': u'1', 'verify': True, 'timing': False, u'dns_api_version': '2', u'object_store_api_version': u'1', u'status': u'active', u'container_infra_api_version': '1', 'verbose_level': 3, 'region_name': '', 'api_timeout': None, u'baremetal_api_version': u'1', 'auth': , 'default_domain': 'default', u'image_api_use_tasks': False, u'floating_ip_source': u'neutron', u'orchestration_api_version': '1', u'interface': None, u'application_catalog_api_version': u'1', 'cacert': None, u'key_manager_api_version': '1', u'workflow_api_version': u'2', u'baremetal_status_code_retries': '5', u'identity_api_version': '3', u'volume_api_version': u'2', 'deferred_help': False, 'cert': None, u'secgroup_source': u'neutron', 'alarming_api_version': '2', u'container_api_version': u'1', u'block_storage_api_version': u'2', u'disable_vendor_agent':
Using auth plugin: v3kerberos
Using parameters 'auth_url': 'http://openstack.companyipasub.com:5000/krb/v3/'
Get auth_ref
Making authentication request to http://openstack.companyipasub.com:5000/krb/v3/auth/tokens
Starting new HTTP connection (1): openstack.companyipasub.com
http://openstack.companyipasub.com:5000 "POST /krb/v3/auth/tokens HTTP/1.1" 401 381
handle_401(): Handling: 401
!!!!!!!!!!!!!!!!!!!!!!!!!!NEGOTATION###################################
%%%%%%%%%%%%%%%%%RESPONSE HEADER%%%%%%%%%
openstack.companyipasub.com
HTTP
10
#####################BEFORE NEGOTATION################
1
openstack.companyipasub.com
<PyCObject object at 0x7feeb1f2aeb8>
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>401 Unauthorized</title>
</head><body>
<h1>Unauthorized</h1>
<p>This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.</p>
</body></html>
!!!!!!!!!!!!!!!!!!!!!!!!!!NEGOTATION###################################
authenticate_user(): Authorization header: Negotiate YIIEsQYJKoZIhvcSAQICAQBuggSgMIIEnKADAgEFoQMCAQ6iBwMFACAAAACjggOuYYIDqjCCA6agAwIBBaEQGw5NU1lTSVBBUUNTLkNPTaIrMCmgAwIBA6EiMCAbBEhUVFAbGG9wZW5zdGFjay5tc3lzaXBhcWNzLmNvbaOCA14wggNaoAMCARKhAwIBAaKCA0wEggNIEYkxuhR67BYR0AiQZNcdkcjw9n9Whu15PAx7sQeAlMl0RTKqHJlMhL/djZTPJoaIJ6AWUiLovambzqA9SUngU5wEuYlwlB+h8nvxVWuqziEsukaWBWErToIKnA6R2bds4aoUCtfEElJP+kAFgyf+biqCNIzWJpKrYlMgX9gZqqAkL+uzdWMyClEAABODajw5hg8BmTLOJ5xY/BsYh2eKFn3S9y150OV1RKf5Vct2WpVQNbz/1h7Uu4iNngfTx3rvYQWg1AarkL76HACXiqu07dlmZilgf29umyy9GtNYsrJYNO0Fl1cejzOsGotxFh1Wufg5RJ3NMgHaQ477elmixsDnLC1eUtGmP4tmdpMFFoFjMi9pusdWBnsRBWK5VpJgJsSZIMNcxMMLT4CAEM5/nTo7I8ZDtrO828IhFeity4gYZeFcMZpcO9pGKL70ruWaVh8QTV9E/7DakcTAJ6eMYmTzU7mSnT8rZbA9CVRpKwU2mF3osZfWIPdmRSjM9qR540Xkj39CUaZSf2xRIyFfLPQuyQ/tKIeQH6lrO2hKIUXqmnUw5OzJBaE+JfTuAuIcnGhfA9VESN3Ymmx71SSvRLpYwHZXEWRHo2G32iyGW6pL3pf32N72oL5odlz2a8FOzSwV4vhnOHjeB0wVymmLht5BIMy5xV+UjYNomolMXLS1vrd20aI5vXpoQZNTd5ANx+7PjkXuZSxkadxFcEJQzCTwKRs0DhF6qnsVBL5t9WjiCxkUqFNQ867ZWefDW9ZkrMbTdgJ09O94an1VTNETkUFs8feQcevYXJN87dM6tp6wMFQB51zoCaF5DlHzNtwUMtv0kD0NTILULQ9jy7N2797a16FR8eueaS0YW9troP263zGjsXGP6hu1pljDCS4SLXfA5M4fLNjheOMkqrFNyHty83jEuZaNKnjKip9KVfV02YoA/r8T7ybTXSQYEohLfwIrMqL4QgjRqlb1w9R5eaHjJZ+3N2bMqdM6i5XrD4FYOw71paIQ1KDaYWVhDYzDgporDKZdKeTjGnKZjXqOMu2NMbxQCqgRl2ffRUQqYHVlr0K+H+vLyTM1hMQYQNgTOKJzmc2X4blSH0NNmXkH4SD8WwyKrRR/pIHUMIHRoAMCARKigckEgcZ1btIWWLebFDMojIrDaSja+mlF5zhAAISr8Xs8ngjbHtv3cp/L8o2LzovHGsHLlyEOFYOk8yA7fIbJ0bdqeEZ0AGn5Y9vpUhTBAOIRt7n5Ksx4MKNCjOxeoa2m2UfUNtbMgcPgN8VNZ9Z/nYvUZW9Vyd4KbPKz7+3yrKArkjz7Q47XTRyZt49eWlThhryZT2c941m6RlP0NlMYE1iA8HZfU+hpE9ZrM4QB9rjaF3YCzNriWCW8mgpyHQC/OyPgBo6Krqe3HWc=
http://openstack.companyipasub.com:5000 "POST /krb/v3/auth/tokens HTTP/1.1" 401 114
authenticate_user(): returning <Response [401]>
handle_401(): returning <Response [401]>
handle_response(): returning <Response [401]>
handle_response() has seen 0 401 responses
handle_401(): Handling: 401
!!!!!!!!!!!!!!!!!!!!!!!!!!NEGOTATION###################################
YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv/cBxSains0m+hfCjXhwcg/eStoasDfYiwF56vheZT9t7EVelUjfaXEtcel9E7YShc7WtbIW73NnsSM/7h8yKsqWEGwDnnSe063SnuAMW7xK0i44q3j1UkvPF7E00wF3dPzooeDxZT2Ztqc4kQ5xU
%%%%%%%%%%%%%%%%%RESPONSE HEADER%%%%%%%%%
openstack.companyipasub.com
HTTP
10
#####################BEFORE NEGOTATION################
1
openstack.companyipasub.com
<PyCObject object at 0x7feeb1f2af58>
"error": "message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"
!!!!!!!!!!!!!!!!!!!!!!!!!!NEGOTATION###################################
YIGZBgkqhkiG9xIBAgICAG+BiTCBhqADAgEFoQMCAQ+iejB4oAMCARKicQRv/cBxSains0m+hfCjXhwcg/eStoasDfYiwF56vheZT9t7EVelUjfaXEtcel9E7YShc7WtbIW73NnsSM/7h8yKsqWEGwDnnSe063SnuAMW7xK0i44q3j1UkvPF7E00wF3dPzooeDxZT2Ztqc4kQ5xU
generate_request_header(): authGSSClientStep() failed:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/requests_kerberos/kerberos_.py", line 136, in generate_request_header
_negotiate_value(response))
GSSError: (('Invalid token was supplied', 589824), ('Success', 100001))
(('Invalid token was supplied', 589824), ('Success', 100001))
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/requests_kerberos/kerberos_.py", line 136, in generate_request_header
_negotiate_value(response))
GSSError: (('Invalid token was supplied', 589824), ('Success', 100001))
handle_401(): returning <Response [401]>
handle_response(): returning <Response [401]>
handle_response() has seen 1 401 responses
handle_response(): returning 401 <Response [401]>
Request returned failure status: 401
The request you have made requires authentication. (HTTP 401) (Request-ID: req-1f34993d-e869-491d-be4d-fc756f081beb)
clean_up IssueToken: The request you have made requires authentication. (HTTP 401) (Request-ID: req-1f34993d-e869-491d-be4d-fc756f081beb)
END return value: 1
centos kerberos openstack
asked Dec 28 '18 at 9:34 by Harry
edited Dec 28 '18 at 12:28
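Added example (not part of the original post, and not code from requests_kerberos or Keystone): a small Python decoder for the GSS-API framing at the start of a Negotiate token, applied to the first 24 base64 characters of the client and server tokens shown in the log above. Function and constant names are hypothetical; the OIDs and token IDs are the standard ones from RFC 2743, RFC 4178 and RFC 4121.

```python
import base64

# DER-encoded mechanism OIDs that can follow the 0x60 framing byte.
KRB5_OID = bytes.fromhex("2a864886f712010202")    # 1.2.840.113554.1.2.2
SPNEGO_OID = bytes.fromhex("2b0601050502")        # 1.3.6.1.5.5.2
MECHS = {KRB5_OID: "krb5", SPNEGO_OID: "spnego"}

# Two-byte token IDs that follow the krb5 OID during context setup (RFC 4121).
# AP-REP is the acceptor's mutual-authentication reply to an AP-REQ it verified;
# KRB-ERROR carries the acceptor's rejection.
KRB5_TOK_IDS = {b"\x01\x00": "AP-REQ", b"\x02\x00": "AP-REP", b"\x03\x00": "KRB-ERROR"}

# Leading 24 base64 characters of the two tokens in the log above.
CLIENT_TOKEN_PREFIX = "YIIEsQYJKoZIhvcSAQICAQBu"   # from "Authorization header: Negotiate ..."
SERVER_TOKEN_PREFIX = "YIGZBgkqhkiG9xIBAgICAG+B"   # token printed after the second 401


def _read_der_length(buf, pos):
    """Return (length, next_pos) for the DER length field at buf[pos]."""
    if pos >= len(buf):
        raise ValueError("truncated before DER length")
    first = buf[pos]
    pos += 1
    if first < 0x80:                      # short form: the byte is the length
        return first, pos
    n = first & 0x7F                      # long form: next n bytes hold the length
    if n == 0 or n > 4 or pos + n > len(buf):
        raise ValueError("bad or truncated DER length")
    return int.from_bytes(buf[pos:pos + n], "big"), pos + n


def _b64_prefix_decode(text):
    """Decode base64, ignoring a trailing partial 4-character group."""
    text = text.strip()
    return base64.b64decode(text[:len(text) - len(text) % 4])


def describe_negotiate_token(b64_text):
    """Identify mechanism and Kerberos message type from a token or its prefix."""
    raw = _b64_prefix_decode(b64_text)
    if not raw or raw[0] != 0x60:
        # Not an RFC 2743 InitialContextToken, e.g. a SPNEGO NegTokenResp (0xa1).
        return {"framing": "not-initial-context-token", "first_byte": raw[:1].hex()}

    declared_len, body_start = _read_der_length(raw, 1)
    if body_start >= len(raw) or raw[body_start] != 0x06:
        raise ValueError("expected an OID after the framing header")
    oid_len, pos = _read_der_length(raw, body_start + 1)
    oid = raw[pos:pos + oid_len]
    if len(oid) != oid_len:
        raise ValueError("truncated mechanism OID")
    pos += oid_len

    info = {
        "framing": "gss-initial-context-token",
        "mech": MECHS.get(oid, "unknown:" + oid.hex()),
        "declared_len": declared_len,
        # False when only a prefix of the token was supplied.
        "complete": len(raw) - body_start >= declared_len,
    }
    if oid == KRB5_OID:
        tok_id = raw[pos:pos + 2]
        info["krb5_message"] = KRB5_TOK_IDS.get(tok_id, "unknown:" + tok_id.hex())
    return info


def describe_exchange(client_b64, server_b64):
    """Return (client message, server message) labels for one Negotiate round trip."""
    client = describe_negotiate_token(client_b64)
    server = describe_negotiate_token(server_b64)
    return (client.get("krb5_message", client.get("mech", client["framing"])),
            server.get("krb5_message", server.get("mech", server["framing"])))


if __name__ == "__main__":
    print(describe_negotiate_token(CLIENT_TOKEN_PREFIX))
    print(describe_negotiate_token(SERVER_TOKEN_PREFIX))
    print(describe_exchange(CLIENT_TOKEN_PREFIX, SERVER_TOKEN_PREFIX))
```

Passing the complete token strings instead of the prefixes gives the same labels, with `complete` set to True when the whole token was captured.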