jupyterhub+docker issue with change of user password


Hannes Diedrich

Nov 14, 2016, 9:35:49 AM
to Project Jupyter
Hello,

we have jupyterhub (version 0.6.1) running in a docker (version 1.10.3) container with CentOS 7.2.1511.
The authentication is performed by PAM which works fine because we mapped the following files:
-v /etc/pam.d:/etc/pam.d -v /etc/passwd:/etc/passwd  -v /etc/shadow:/etc/shadow

However, when we change a user PW with passwd on the host system (also CentOS 7.2.1511) without restarting the docker container, the user cannot log onto the jupyterhub any more and
PAM raises an authentication error:
PAM Authentication failed (user@ip): [PAM Error 7] Authentication failure

The same applies when adding a new user on the host system with adduser: Here, the following error occurs:
PAM Authentication failed (user@ip): [PAM Error 3] Error in service module

Is it necessary to restart the jupyterhub after changes of /etc/passwd or is this an issue with the combination of docker and jupyterhub?
Is there a way around restarting the hub?

Thanks in advance for your comments!
Best,
Hannes

MinRK

Nov 16, 2016, 9:18:12 AM
to Project Jupyter
Can you run `docker exec` to check that the contents of the passwd file are still in-sync or not after the update?

There's a chance that mounting the file doesn't quite work (depending on how the file is modified), and you may need to mount a directory instead, to ensure that files are correct.

-Min


Kacper Kowalik

Nov 16, 2016, 10:18:30 AM
to jup...@googlegroups.com
On 11/16/2016 08:17 AM, MinRK wrote:
> Can you run `docker exec` to check that the contents of the passwd
> file are still in-sync or not after the update?
>
> There's a chance that mounting the file doesn't quite work (depending
> on how the file is modified), and you may need to mount a directory,
> instead to ensure that files are correct.
>
> -Min

Hi,
the way passwd/adduser work is that they create a temporary file
that's later renamed to either /etc/passwd or /etc/shadow. A bind mount on
a file can't handle such a scenario:

$ echo "blah" > source
$ touch target
$ sudo mount -o bind source target
$ cat target
blah
$ echo "new file" > foo
$ mv foo source
$ cat source
new file
$ cat target
blah

Cheers,
Kacper
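
The rename behaviour described in the message above, as an added example that is not part of the original thread: it contrasts an in-place edit with a write-temp-then-rename update and checks whether two paths still share an inode. A hard link stands in for the single-file bind mount so the script runs without root or Docker; all function names are this example's own.

```shell
# Added example, not from the thread. A hard link pins the inode that
# "source" had at link time, which is what a single-file bind mount does.

# Print the inode number of a path (ls -di is POSIX).
inode_of() { ls -di -- "$1" | awk '{print $1}'; }

# Return 0 if both paths name the same inode, 1 if they have diverged.
same_inode() { [ "$(inode_of "$1")" = "$(inode_of "$2")" ]; }

# Update the way passwd/adduser are described above:
# write a temporary file, then rename it over the target (new inode).
replace_by_rename() {  # $1 = file, $2 = new content
    tmp="$1.tmp.$$"
    printf '%s\n' "$2" > "$tmp" && mv -f -- "$tmp" "$1"
}

# Update by rewriting the existing file (inode is kept).
replace_in_place() {  # $1 = file, $2 = new content
    printf '%s\n' "$2" > "$1"
}

# Run both kinds of update and report what the pinned view sees.
demo() {
    d=$(mktemp -d) || return 1
    printf 'old\n' > "$d/source"
    ln "$d/source" "$d/target"      # stand-in for: mount -o bind source target

    replace_in_place "$d/source" "edited"
    in_place_view=$(cat "$d/target")   # follows the edit

    replace_by_rename "$d/source" "renamed"
    rename_view=$(cat "$d/target")     # still the old inode's content

    if same_inode "$d/source" "$d/target"; then state=in-sync; else state=stale; fi
    rm -rf -- "$d"
    printf '%s %s %s\n' "$in_place_view" "$rename_view" "$state"
}
```

On a real deployment the same comparison can be made by running `ls -di /etc/passwd` on the host and again through `docker exec` in the hub container; differing inode numbers mean the container is still reading the pre-rename file.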


