login not possible with podman login but via browser

16 views

Skip to first unread message

Flomickl

unread,

Aug 2, 2024, 2:32:45 AM8/2/24

to quay-sig

Hi,

I have an issues with a user login to my quay-instance.

I run my quay with podman version 4.9.4-rhel on rhel 9.3

Quay is running successful and I can login via Browser into my quay registry

But with podman login with the same credentials or even a generated token, I always get a

DEBU[0168] Looking for TLS certificates and private keys in /etc/docker/certs.d/quay.example.com 
DEBU[0168] GET https://quay.example.com/v2/           
DEBU[0168] Ping https://quay.example.com/v2/ status 401 
DEBU[0168] GET https://quay.example.com/v2/auth?account=user&service=quay.example.com 
DEBU[0169] Increasing token expiration to: 60 seconds   
DEBU[0169] GET https://quay.example.com/v2/           
DEBU[0169] error logging into "quay.example.com": unable to retrieve auth token: invalid username/password: authentication required 
Error: logging into "quay.example.com": invalid username/password
DEBU[0169] Shutting down engines    

In my quay log

gunicorn-registry stdout | 2024-07-27 00:17:45,196 [282] [ERROR] [auth.registry_jwt_auth] Invalid bearer token: Unknown service key
gunicorn-registry stdout | Traceback (most recent call last):
gunicorn-registry stdout |   File "/quay-registry/auth/registry_jwt_auth.py", line 102, in identity_from_bearer_token
gunicorn-registry stdout |     payload = decode_bearer_header(bearer_header, instance_keys, app.config)
gunicorn-registry stdout |   File "/quay-registry/util/security/registry_jwt.py", line 51, in decode_bearer_header
gunicorn-registry stdout |     return decode_bearer_token(encoded_jwt, instance_keys, config)
gunicorn-registry stdout |   File "/quay-registry/util/security/registry_jwt.py", line 67, in wrapper
gunicorn-registry stdout |     raise e
gunicorn-registry stdout |   File "/quay-registry/util/security/registry_jwt.py", line 64, in wrapper
gunicorn-registry stdout |     rv = func(*args, **kwargs)
gunicorn-registry stdout |   File "/quay-registry/util/security/registry_jwt.py", line 102, in decode_bearer_token
gunicorn-registry stdout |     raise InvalidBearerTokenException("Unknown service key")
gunicorn-registry stdout | util.security.registry_jwt.InvalidBearerTokenException: Unknown service key
gunicorn-registry stdout | 2024-07-27 00:17:45,197 [282] [ERROR] [util.http] Error 401: Unknown service key; Arguments: {'url': 'https://quay.example.com/v2/', 'status_code': 401, 'message': 'Unknown service key'}

Does anyone know why and how this is happening?

Is there something wrong in my configs?

The configuration is posted here [1] on GitHub discussion session

https://github.com/quay/quay/discussions/3092

Any help is appreciated. :)

Reply all

Reply to author

Forward

0 new messages