hi, i'm trying to access the various functions via the API as a wheel client and for some reason i always get an "401 Unauthorized" error even though it looks to me like everything is configured correctly. i have created a user on the salt master that is used for API access, i added '@wheel' for the external authentication for the user in the salt master configuration file and have also added the user to the wheel group on the host even though i haven't seen anything requiring that in the documentation but i always get the authentication error (i always restarted salt-master and salt-api after making any changes for testing). does anybody have any ideas or suggestions? everything seems to work OK if the client argument is set to local. here is the output of curl on the salt master:
[root@srv ~]# curl -i -sSk
https://localhost:8888/run -H 'Accept: application/x-yaml' -d username=XXXX -d password=XXXX -d eauth=pam -d fun=salt.wheel.key.list_all -d client=wheel
HTTP/1.1 401 Unauthorized
Content-Length: 1196
Access-Control-Expose-Headers: GET, POST
Vary: Accept-Encoding
Server: CherryPy/3.2.2
Allow: GET, HEAD, POST
Access-Control-Allow-Credentials: true
Date: Mon, 16 Mar 2015 21:31:41 GMT
Access-Control-Allow-Origin: *
Content-Type: text/html;charset=utf-8
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"
http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
<title>401 Unauthorized</title>
<style type="text/css">
#powered_by {
margin-top: 20px;
border-top: 2px solid black;
font-style: italic;
}
#traceback {
color: red;
}
</style>
</head>
<body>
<h2>401 Unauthorized</h2>
<p>No permission -- see authorization schemes</p>
<pre id="traceback">Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/cherrypy/_cprequest.py", line 656, in respond
response.body = self.handler()
File "/usr/lib/python2.7/site-packages/cherrypy/lib/encoding.py", line 188, in __call__
self.body = self.oldhandler(*args, **kwargs)
File "/usr/lib/python2.7/site-packages/salt/netapi/rest_cherrypy/app.py", line 390, in hypermedia_handler
raise cherrypy.HTTPError(401)
HTTPError: (401, None)
</pre>
<div id="powered_by">
<span>Powered by <a href="
http://www.cherrypy.org">CherryPy 3.2.2</a></span>
</div>
</body>
</html>