When I run
curl -sSk https://127.0.0.1:8000 -H 'Accept: application/x-yaml' -d username='saltapi' -d password='salt-api-secret' -d eauth='pam'
I get:
401 Unauthorized No permission -- see authorization schemes
But if I do a
salt -a pam '*' test.ping
and then enter the username saltapi and the correct secret password, it succeeds in pinging all the minions.
My '/etc/salt/master' has the ext_auth section filled in as:
external_auth:
  pam:
    saltapi:
      - .*
      - '@runner'
      - '@wheel'
      - '@jobs'
and I have set the 'saltapi' user's password to the correct salt-api-secret value.
Also if I ‘su’ from one user up to saltapi and enter the appropriate salt-api-secret value it also succeeds. So I have tested in two ways that pam authentication for this saltapi user does work just fine.
This is on CentOS 6 with all the latest patches.
salt --version reports:
and salt --versions reports:
Salt: 2015.5.0
Python: 2.6.6 (r266:84292, Jan 22 2014, 09:42:36)
Jinja2: 2.2.1
M2Crypto: 0.20.2
msgpack-python: 0.4.6
msgpack-pure: Not Installed
pycrypto: 2.0.1
libnacl: Not Installed
PyYAML: 3.09
ioflo: Not Installed
PyZMQ: 14.5.0
RAET: Not Installed
ZMQ: 4.0.5
Mako: Not Installed
The full error message on the cmd line is:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta>
<title>401 Unauthorized</title>
<style type="text/css">
#powered_by {
margin-top: 20px;
border-top: 2px solid black;
font-style: italic;
}
#traceback {
color: red;
}
</style>
</head>
<body>
<h2>401 Unauthorized</h2>
<p>No permission -- see authorization schemes</p>
<pre id="traceback">Traceback (most recent call last):
File "/usr/lib/python2.6/site-packages/cherrypy/_cprequest.py", line 647, in respond
self.hooks.run('before_request_body')
File "/usr/lib/python2.6/site-packages/cherrypy/_cprequest.py", line 112, in run
raise exc
HTTPError: (401, None)
</pre>
<div id="powered_by">
</div>
</body>
</html>
How can I best debug this further? Any ideas on what to try next?
Thanks for any help.
—
Urs Rau