cyverse / gocommands

iRODS Command-line Tools written in Go

Authentication error #29

Closed Venustiano closed 5 months ago

Venustiano commented 6 months ago

I am using 'gocommands' v0.8.5 for MacOS M2. My config file is using PAM authentication:

% cat ~/.irods/irods_environment.json
{
    "irods_authentication_scheme": "PAM",
    "irods_client_server_negotiation": "request_server_negotiation",
    "irods_client_server_policy": "CS_NEG_REQUIRE",
    "irods_port": 1247,
    ....

After running ./gocmd init, the immediate interaction with iRODS is fine. However, after a couple of hours, simple commands such as ./gocmd ls or even ./gocmd init result in the following error:

Authentication failed (auth scheme: 'native', username: 'username', zone: 'Zone')!

Error Trace:
  - failed to connect to iRODS server:
    github.com/cyverse/gocommands/cmd/subcmd.processInitCommand
        /github/workspace/cmd/subcmd/init.go:58
  - failed to connect:
    github.com/cyverse/gocommands/commons.GetIRODSConnection
        /github/workspace/commons/irods_client.go:49
  - failed to login to irods:
    github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).Connect
        /go/pkg/mod/github.com/cyverse/go-irodsclient@v0.13.2/irods/connection/connection.go:253
  - received irods authentication error (CAT_INVALID_USER):
    github.com/cyverse/go-irodsclient/irods/connection.(*IRODSConnection).login
        /go/pkg/mod/github.com/cyverse/go-irodsclient@v0.13.2/irods/connection/connection.go:468
  - authentication error (auth scheme: 'native', username: 'username', zone: 'Zone')

For some reason gocommands is using native authentication but it is supposed to use PAM. The only way I have found to gain access again into iRODS is by removing the .irodsA file and running ./gocmd init again.

iychoi commented 6 months ago

Can you give me more details to reproduce the issue? What commands did you use after ./gocmd init?

Also, can you check if the session file ~/.irods/irods_environment.json.<ppid number> has a different authentication scheme?

Venustiano commented 5 months ago

I suppose you have reproduced the issue, but just in case,

After running ./gocmd init, the go commands (ls, get, put, etc.) run fine. After a while, gocommands is misconfigured and cannot access iRODS anymore, as described above.

There is no ~/.irods/irods_environment.json.<ppid number> session file created.

iychoi commented 5 months ago

Pushed a commit 6543a67eee3a053500caaa34eacab53032024d57 that adds a new flag --ttl to control the PAM password TTL. With PAM authentication, the iRODS server invalidates the PAM token (temporary password) after 1 hour by default. To increase it, you need to specify the TTL when running gocmd init.

A new release including the commit will be released in a few days.
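
A pre-flight check for the expiry described above, as an added example that is not part of the thread or of the gocommands code base. It assumes the modification time of `.irodsA` marks when `gocmd init` last obtained the PAM temporary password; the function name `pamTokenStale` is hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"os"
	"path/filepath"
	"strings"
	"time"
)

// pamTokenStale reports whether the credential cached in authFile is older
// than ttl while envFile selects PAM. Assumption: the mtime of .irodsA is the
// time `gocmd init` last obtained the temporary password.
func pamTokenStale(envFile, authFile string, ttl time.Duration, now time.Time) (bool, error) {
	raw, err := os.ReadFile(envFile)
	if err != nil {
		return false, err
	}
	var env struct {
		Scheme string `json:"irods_authentication_scheme"`
	}
	if err := json.Unmarshal(raw, &env); err != nil {
		return false, fmt.Errorf("parse %s: %w", envFile, err)
	}
	if !strings.EqualFold(env.Scheme, "PAM") {
		return false, nil // other schemes are not subject to the PAM TTL
	}
	st, err := os.Stat(authFile)
	if os.IsNotExist(err) {
		return false, nil // nothing cached yet, so nothing can have expired
	}
	if err != nil {
		return false, err
	}
	return now.Sub(st.ModTime()) >= ttl, nil
}

func main() {
	home, _ := os.UserHomeDir()
	dir := filepath.Join(home, ".irods")
	// time.Hour is the server default quoted in the thread.
	stale, err := pamTokenStale(filepath.Join(dir, "irods_environment.json"),
		filepath.Join(dir, ".irodsA"), time.Hour, time.Now())
	if err != nil {
		fmt.Fprintln(os.Stderr, "check failed:", err)
		os.Exit(2)
	}
	fmt.Println("PAM token likely expired, re-run gocmd init:", stale)
}
```

Pass the TTL that was actually requested at init time instead of `time.Hour` when the server or client is configured with a different value.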

iychoi commented 5 months ago

The new version is here: https://github.com/cyverse/gocommands/releases/tag/v0.9.0