Hello, Can someone help me please, we are running Freeipa as domain controller and slurm to push jobs to the nodes. in order to use srun we need to configure auks to manage the ticket on slurm server: I changed the principal name and domain name.

`cat /etc/auks/auks.conf


#------------------------------------------------------------------------------
# auks client and server configuration file
#------------------------------------------------------------------------------

-

Common client/server elements

-

common {

Primary daemon configuration

PrimaryHost = "hostname.realm.com" ;

PrimaryAddress = "" ;

PrimaryPort = 12345 ; PrimaryPrincipal = "host/hostname.realm.com@REALM.COM" ;

Enable/Disable NAT traversal support (yes/no)

this value must be the same on every nodes

NAT = yes ;

max connection retries number

Retries = 3 ;

connection timeout

Timeout = 10 ;

delay in seconds between retries

Delay = 3 ;

}

auksd {

Primary daemon configuration

PrimaryKeytab = "/etc/krb5.keytab" ;

log file and level

LogFile = "/var/log/auksd.log" ; LogLevel = "5" ;

optional debug file and level

DebugFile = "/var/log/auksd.log" ; DebugLevel = "5" ;

directory in which daemons store the creds

CacheDir = "/var/cache/auks" ;

ACL file for cred repo access authorization rules

ACLFile = "/etc/auks/auksd.acl" ;

default size of incoming requests queue

it grows up dynamically

QueueSize = 50 ;

default repository size (number fo creds)

it grows up dynamicaly

RepoSize = 500 ;

number of workers for incoming request processing

Workers = 10 ;

delay in seconds between 2 repository clean stages

CleanDelay = 300 ;

use kerberos replay cache system (slow down)

ReplayCache = yes ;

}

-

Auksd renewer only elements

-

renewer {

log file and level

LogFile = "/var/log/auksdrenewer.log" ; LogLevel = "1" ;

optional debug file and level

DebugFile = "/var/log/auksdrenewer.log" ; DebugLevel = "0" ;

delay between two renew loops

Delay = "60" ;

Min Lifetime for credentials to be renewed

This value is also used as the grace trigger to renew creds

MinLifeTime = "600" ;

}

-

API only elements

-

api {

log file and level

LogFile = "/tmp/auksapi.log" ; LogLevel = "3" ;

optional debug file and level

DebugFile = "/tmp/auksapi.log" ; DebugLevel = "3" ;

} `

- cat  /etc/auks/auksd.acl:

rule { principal = ^host/hostname.realm.com@REALM.COM$ ; host = ; role = admin ; rule { principal = ^[[:alnum:]]@REALM.COM$ ; host = * ; role = user ; }

- cat /etc/sysconfig/aukspriv:

AUKS_PRIV_PRINC="host/hostname.realm.com"

AUKS_PRIV_KEYTAB="/etc/auks/auks.keytab"

AUKS_PRIV_KEYTAB="/etc/krb5.keytab"

- auksd deamon is down

systemctl status auksd -l

● auksd.service - Auks External Kerberos Credential Support Daemon Loaded: loaded (/usr/lib/systemd/system/auksd.service; enabled; vendor preset: disabled) Active: failed (Result: start-limit) since Tue 2019-01-15 15:10:31 EST; 1h 53min ago Process: 14286 ExecStart=/usr/sbin/auksd -F $AUKSPRIV_OPTIONS (code=exited, status=150) Main PID: 14286 (code=exited, status=150)

Jan 15 15:10:30 hostname.realm.com systemd[1]: Unit auksd.service entered failed state. Jan 15 15:10:30 hostname.realm.com systemd[1]: auksd.service failed. Jan 15 15:10:31 hostname.realm.com systemd[1]: auksd.service holdoff time over, scheduling restart. Jan 15 15:10:31 hostname.realm.com systemd[1]: Stopped Auks External Kerberos Credential Support Daemon. Jan 15 15:10:31 hostname.realm.com systemd[1]: start request repeated too quickly for auksd.service Jan 15 15:10:31 hostname.realm.com systemd[1]: Failed to start Auks External Kerberos Credential Support Daemon. Jan 15 15:10:31 hostname.realm.com systemd[1]: Unit auksd.service entered failed state. Jan 15 15:10:31 hostname.realm.com systemd[1]: auksd.service failed.

- auksdrenewer active with some errors

systemctl status auksdrenewer -l

● auksdrenewer.service - Auks Credentials Renewer Daemon Loaded: loaded (/usr/lib/systemd/system/auksdrenewer.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2019-01-15 15:10:26 EST; 1h 56min ago Main PID: 14267 (auksdrenewer) CGroup: /system.slice/auksdrenewer.service └─14267 /usr/sbin/auksdrenewer -F

Jan 15 17:02:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:02:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed Jan 15 17:02:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:02:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s Jan 15 17:03:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:03:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed Jan 15 17:03:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:03:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s Jan 15 17:04:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:04:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed Jan 15 17:04:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:04:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s Jan 15 17:05:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:05:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed Jan 15 17:05:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:05:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s Jan 15 17:06:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:06:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed Jan 15 17:06:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:06:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s


- aukspriv up without error:

systemctl status aukspriv -l

● aukspriv.service - Auks ccache from keytab scripted daemon Loaded: loaded (/usr/lib/systemd/system/aukspriv.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2019-01-15 15:10:19 EST; 1h 58min ago Process: 14238 ExecStart=/usr/sbin/aukspriv $AUKSPRIV_OPTIONS (code=exited, status=0/SUCCESS) Main PID: 14239 (aukspriv) CGroup: /system.slice/aukspriv.service ├─14239 /bin/bash /usr/sbin/aukspriv └─14248 sleep 35000

Jan 15 15:10:19hostname.realm.com systemd[1]: Starting Auks ccache from keytab scripted daemon... Jan 15 15:10:19 hostname.realm.com systemd[1]: Started Auks ccache from keytab scripted daemon.

- The  /var/log/auks.log isn't created and /var/cache/auks doesn't exist too, bellow the output of some commands:

$auks -a

-bash-4.2$ auks -a Tue Jan 15 16:52:16 2019 [INFO3] [euid=1500000047,pid=19292] auks_api: add request processing failed : auks api : connection failed Auks API request failed : auks api : connection failed -bash-4.2$ auks -vvv -a Tue Jan 15 16:52:27 2019 [INFO2] [euid=1500000047,pid=19307] auks_engine: initializing engine from 'common' block of file /etc/auks/auks.conf Tue Jan 15 16:52:27 2019 [INFO2] [euid=1500000047,pid=19307] auks_engine: initializing engine from 'api' block of file /etc/auks/auks.conf Tue Jan 15 16:52:27 2019 [INFO2] [euid=1500000047,pid=19307] auks_engine: initializing engine from 'renewer' block of file /etc/auks/auks.conf Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine primary daemon is 'hostname.realm.com' Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine primary daemon address is 'hostname.realm.com' Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine primary daemon port is 12345 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine primary daemon principal is host/hostname.realm.com@REALM.COM Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine secondary daemon is 'localhost' Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine secondary daemon address is 'localhost' Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine secondary daemon port is 12345 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine secondary daemon principal is Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine logfile is /tmp/auksapi.log Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine loglevel is 3 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine debugfile is /tmp/auksapi.log Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine debuglevel is 3 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine retry number is 3 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine timeout is 10 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine delay is 3 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine NAT traversal mode is enabled Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer_logfile is /var/log/auksdrenewer.log Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer_loglevel is 1 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer_debugfile is /var/log/auksdrenewer.log Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer_debuglevel is 0 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer delay is 60 Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer min cred lifetime is 600 Tue Jan 15 16:52:33 2019 [INFO3] [euid=1500000047,pid=19307] auks_api: add request processing failed : auks api : connection failed Auks API request failed : auks api : connection failed


$auksd -vvv

bash-4.2$ auksd -vvv Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] auksd_engine: initializing engine from 'common' block of file /etc/auks/auks.conf Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] auksd_engine: initializing engine from 'auksd' block of file /etc/auks/auks.conf Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] auksd_engine: unable to init auksd engine ACL from file /etc/auks/auksd.acl Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] auksd_engine: initialization failed Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] exiting : auks acl : unable to parse acl file


$ klist

Ticket cache: KEYRING:persistent:1500000047:krb_ccache_iqWq6Zl Default principal: admin@REALM.COM

Valid starting Expires Service principal 01/15/2019 16:47:40 01/16/2019 16:47:36 krbtgt/REALM.COM@REALM.COM


vi  /tmp/auksapi.log

Mon Jan 14 12:07:50 2019 [INFO3] [euid=0,pid=24313] auks_api: auks cred extraction failed : krb5 cred : unable to read credential cache Mon Jan 14 12:07:52 2019 [INFO3] [euid=0,pid=24320] auks_api: auks cred extraction failed : krb5 cred : unable to read credential cache Mon Jan 14 12:07:58 2019 [INFO3] [euid=0,pid=24339] auks_api: auks cred extraction failed : krb5 cred : unable to read credential cache Mon Jan 14 13:16:14 2019 [INFO3] [euid=0,pid=6201] auks_api: add request processing failed : auks api : connection failed Tue Jan 15 12:16:33 2019 [INFO3] [euid=0,pid=5408] auks_api: auks cred extraction failed : krb5 cred : unable to read credential cache Tue Jan 15 12:18:48 2019 [INFO3] [euid=0,pid=5427] auks_api: add request processing failed : auks api : connection failed Tue Jan 15 12:19:59 2019 [INFO3] [euid=0,pid=5454] auks_api: add request processing failed : auks api : connection failed Tue Jan 15 12:22:26 2019 [INFO3] [euid=0,pid=5508] auks_api: add request processing failed : auks api : connection failed Tue Jan 15 13:07:43 2019 [INFO3] [euid=0,pid=7786] auks_api: ping request processing failed : auks api : connection failed Tue Jan 15 14:05:00 2019 [INFO3] [euid=0,pid=10769] auks_api: ping request processing failed : auks api : connection failed Tue Jan 15 14:18:11 2019 [INFO3] [euid=0,pid=11552] auks_api: add request processing failed : auks api : connection failed Tue Jan 15 14:18:34 2019 [INFO3] [euid=0,pid=11572] auks_api: ping request processing failed : auks api : connection failed Tue Jan 15 16:15:48 2019 [INFO3] [euid=0,pid=17458] auks_api: ping request processing failed : auks api : connection failed Tue Jan 15 16:19:02 2019 [INFO3] [euid=0,pid=17621] auks_api: dump request processing failed : auks api : connection failed Tue Jan 15 16:19:02 2019 [INFO1] [euid=0,pid=17621] renewer: unable to dump auksd creds : auks api : request processing failed Tue Jan 15 16:19:02 2019 [INFO1] [euid=0,pid=17621] renewer: 32647 creds renewed in ~6s Tue Jan 15 16:19:02 2019 [INFO2] [euid=0,pid=17621] renewer: sleeping 54 seconds before next renew Tue Jan 15 16:19:28 2019 [INFO1] [euid=0,pid=17621] renewer: ending main loop



Thanks,

Hello

As mentioned in the error, the acl file can not be parsed properly.

There is a missing '}' character between the two defined rules. Each rule parameters must be enclosed in {}. This is not the case in your auksd.acl file.

HTH Matthieu

Le mar. 15 janv. 2019 à 23:30, rufa11 notifications@github.com a écrit :

Hello, Can someone help me please, we are running Freeipa as domain controller and slurm to push jobs to the nodes. in order to use srun we need to configure auks to manage the ticket on slurm server: I changed the principal name and domain name.

`cat /etc/auks/auks.conf

------------------------------------------------------------------------------

auks client and server configuration file

------------------------------------------------------------------------------

-

Common client/server elements

-

common {

Primary daemon configuration

PrimaryHost = "hostname.realm.com" ;

PrimaryAddress = "" ;

PrimaryPort = 12345 ;

PrimaryPrincipal = "host/hostname.realm.com@REALM.COM" ;

Enable/Disable NAT traversal support (yes/no)

this value must be the same on every nodes

NAT = yes ;

max connection retries number

Retries = 3 ;

connection timeout

Timeout = 10 ;

delay in seconds between retries

Delay = 3 ;

}

auksd {

Primary daemon configuration

PrimaryKeytab = "/etc/krb5.keytab" ;

log file and level

LogFile = "/var/log/auksd.log" ;

LogLevel = "5" ;

optional debug file and level

DebugFile = "/var/log/auksd.log" ;

DebugLevel = "5" ;

directory in which daemons store the creds

CacheDir = "/var/cache/auks" ;

ACL file for cred repo access authorization rules

ACLFile = "/etc/auks/auksd.acl" ;

default size of incoming requests queue

it grows up dynamically

QueueSize = 50 ;

default repository size (number fo creds)

it grows up dynamicaly

RepoSize = 500 ;

number of workers for incoming request processing

Workers = 10 ;

delay in seconds between 2 repository clean stages

CleanDelay = 300 ;

use kerberos replay cache system (slow down)

ReplayCache = yes ;

}

-

Auksd renewer only elements

-

renewer {

log file and level

LogFile = "/var/log/auksdrenewer.log" ;

LogLevel = "1" ;

optional debug file and level

DebugFile = "/var/log/auksdrenewer.log" ;

DebugLevel = "0" ;

delay between two renew loops

Delay = "60" ;

Min Lifetime for credentials to be renewed

This value is also used as the grace trigger to renew creds

MinLifeTime = "600" ;

}

-

API only elements

-

api {

log file and level

LogFile = "/tmp/auksapi.log" ;

LogLevel = "3" ;

optional debug file and level

DebugFile = "/tmp/auksapi.log" ;

DebugLevel = "3" ;

}

`

cat /etc/auks/auksd.acl:

rule {
        principal = ^host/hostname.realm.com@REALM.COM$ ;

        host = * ;

        role = admin ;
rule {
        principal = ^[[:alnum:]]*@REALM.COM$ ;

        host = * ;

        role = user ;

}
cat /etc/sysconfig/aukspriv:

AUKS_PRIV_PRINC="host/hostname.realm.com"

AUKS_PRIV_KEYTAB="/etc/auks/auks.keytab"

AUKS_PRIV_KEYTAB="/etc/krb5.keytab"

auksd deamon is down

systemctl status auksd -l

● auksd.service - Auks External Kerberos Credential Support Daemon

Loaded: loaded (/usr/lib/systemd/system/auksd.service; enabled; vendor preset: disabled)

Active: failed (Result: start-limit) since Tue 2019-01-15 15:10:31 EST; 1h 53min ago

Process: 14286 ExecStart=/usr/sbin/auksd -F $AUKSPRIV_OPTIONS (code=exited, status=150)

Main PID: 14286 (code=exited, status=150)

Jan 15 15:10:30 hostname.realm.com systemd[1]: Unit auksd.service entered failed state.

Jan 15 15:10:30 hostname.realm.com systemd[1]: auksd.service failed.

Jan 15 15:10:31 hostname.realm.com systemd[1]: auksd.service holdoff time over, scheduling restart.

Jan 15 15:10:31 hostname.realm.com systemd[1]: Stopped Auks External Kerberos Credential Support Daemon.

Jan 15 15:10:31 hostname.realm.com systemd[1]: start request repeated too quickly for auksd.service

Jan 15 15:10:31 hostname.realm.com systemd[1]: Failed to start Auks External Kerberos Credential Support Daemon.

Jan 15 15:10:31 hostname.realm.com systemd[1]: Unit auksd.service entered failed state.

Jan 15 15:10:31 hostname.realm.com systemd[1]: auksd.service failed.

auksdrenewer active with some errors

systemctl status auksdrenewer -l

● auksdrenewer.service - Auks Credentials Renewer Daemon

Loaded: loaded (/usr/lib/systemd/system/auksdrenewer.service; enabled; vendor preset: disabled)

Active: active (running) since Tue 2019-01-15 15:10:26 EST; 1h 56min ago

Main PID: 14267 (auksdrenewer)

CGroup: /system.slice/auksdrenewer.service
       └─14267 /usr/sbin/auksdrenewer -F
Jan 15 17:02:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:02:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed

Jan 15 17:02:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:02:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s

Jan 15 17:03:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:03:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed

Jan 15 17:03:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:03:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s

Jan 15 17:04:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:04:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed

Jan 15 17:04:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:04:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s

Jan 15 17:05:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:05:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed

Jan 15 17:05:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:05:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s

Jan 15 17:06:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:06:32 2019 [INFO1] [euid=0,pid=14267] renewer: unable to dump auksd creds : auks api : request processing failed

Jan 15 17:06:32 hostname.realm.com auksdrenewer[14267]: Tue Jan 15 17:06:32 2019 [INFO1] [euid=0,pid=14267] renewer: 32727 creds renewed in ~6s

aukspriv up without error:

systemctl status aukspriv -l

● aukspriv.service - Auks ccache from keytab scripted daemon

Loaded: loaded (/usr/lib/systemd/system/aukspriv.service; enabled; vendor preset: disabled)

Active: active (running) since Tue 2019-01-15 15:10:19 EST; 1h 58min ago

Process: 14238 ExecStart=/usr/sbin/aukspriv $AUKSPRIV_OPTIONS (code=exited, status=0/SUCCESS)

Main PID: 14239 (aukspriv)

CGroup: /system.slice/aukspriv.service
       ├─14239 /bin/bash /usr/sbin/aukspriv

       └─14248 sleep 35000
Jan 15 15:10:19hostname.realm.com systemd[1]: Starting Auks ccache from keytab scripted daemon...

Jan 15 15:10:19 hostname.realm.com systemd[1]: Started Auks ccache from keytab scripted daemon.

The /var/log/auks.log isn't created and /var/cache/auks doesn't exist too, bellow the output of some commands:

$auks -a

-bash-4.2$ auks -a

Tue Jan 15 16:52:16 2019 [INFO3] [euid=1500000047,pid=19292] auks_api: add request processing failed : auks api : connection failed

Auks API request failed : auks api : connection failed

-bash-4.2$ auks -vvv -a

Tue Jan 15 16:52:27 2019 [INFO2] [euid=1500000047,pid=19307] auks_engine: initializing engine from 'common' block of file /etc/auks/auks.conf

Tue Jan 15 16:52:27 2019 [INFO2] [euid=1500000047,pid=19307] auks_engine: initializing engine from 'api' block of file /etc/auks/auks.conf

Tue Jan 15 16:52:27 2019 [INFO2] [euid=1500000047,pid=19307] auks_engine: initializing engine from 'renewer' block of file /etc/auks/auks.conf

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine primary daemon is 'hostname.realm.com'

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine primary daemon address is 'hostname.realm.com'

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine primary daemon port is 12345

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine primary daemon principal is host/hostname.realm.com@REALM.COM

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine secondary daemon is 'localhost'

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine secondary daemon address is 'localhost'

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine secondary daemon port is 12345

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine secondary daemon principal is

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine logfile is /tmp/auksapi.log

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine loglevel is 3

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine debugfile is /tmp/auksapi.log

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine debuglevel is 3

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine retry number is 3

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine timeout is 10

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine delay is 3

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine NAT traversal mode is enabled

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer_logfile is /var/log/auksdrenewer.log

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer_loglevel is 1

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer_debugfile is /var/log/auksdrenewer.log

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer_debuglevel is 0

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer delay is 60

Tue Jan 15 16:52:27 2019 [INFO3] [euid=1500000047,pid=19307] auks_engine: engine renewer min cred lifetime is 600

Tue Jan 15 16:52:33 2019 [INFO3] [euid=1500000047,pid=19307] auks_api: add request processing failed : auks api : connection failed

Auks API request failed : auks api : connection failed

$auksd -vvv

bash-4.2$ auksd -vvv

Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] auksd_engine: initializing engine from 'common' block of file /etc/auks/auks.conf

Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] auksd_engine: initializing engine from 'auksd' block of file /etc/auks/auks.conf

Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] auksd_engine: unable to init auksd engine ACL from file /etc/auks/auksd.acl

Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] auksd_engine: initialization failed

Tue Jan 15 16:55:57 2019 [INFO1] [euid=1500000047,pid=19477] exiting : auks acl : unable to parse acl file

$ klist

Ticket cache: KEYRING:persistent:1500000047:krb_ccache_iqWq6Zl

Default principal: admin@REALM.COM

Valid starting Expires Service principal

01/15/2019 16:47:40 01/16/2019 16:47:36 krbtgt/REALM.COM@REALM.COM

Thanks,

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/hautreux/auks/issues/32, or mute the thread https://github.com/notifications/unsubscribe-auth/AA2pp0QUHFdOsDu-CwjmELwQOdvTGiaVks5vDlZsgaJpZM4aB8KI .

hautreux / auks

auks acl : unable to parse acl file #32

-

Common client/server elements

-

Primary daemon configuration

PrimaryAddress = "" ;

Enable/Disable NAT traversal support (yes/no)

this value must be the same on every nodes

max connection retries number

connection timeout

delay in seconds between retries

Primary daemon configuration

log file and level

optional debug file and level

directory in which daemons store the creds

ACL file for cred repo access authorization rules

default size of incoming requests queue

it grows up dynamically

default repository size (number fo creds)

it grows up dynamicaly

number of workers for incoming request processing

delay in seconds between 2 repository clean stages

use kerberos replay cache system (slow down)

-

Auksd renewer only elements

-

log file and level

optional debug file and level

delay between two renew loops

Min Lifetime for credentials to be renewed

This value is also used as the grace trigger to renew creds

-

API only elements

-

log file and level

optional debug file and level

AUKS_PRIV_KEYTAB="/etc/auks/auks.keytab"

systemctl status auksd -l

systemctl status auksdrenewer -l

systemctl status aukspriv -l

------------------------------------------------------------------------------

auks client and server configuration file

------------------------------------------------------------------------------

-

Common client/server elements

-

Primary daemon configuration

PrimaryAddress = "" ;

Enable/Disable NAT traversal support (yes/no)

this value must be the same on every nodes

max connection retries number

connection timeout

delay in seconds between retries

Primary daemon configuration

log file and level

optional debug file and level

directory in which daemons store the creds

ACL file for cred repo access authorization rules

default size of incoming requests queue

it grows up dynamically

default repository size (number fo creds)

it grows up dynamicaly

number of workers for incoming request processing

delay in seconds between 2 repository clean stages

use kerberos replay cache system (slow down)

-

Auksd renewer only elements

-

log file and level

optional debug file and level

delay between two renew loops

Min Lifetime for credentials to be renewed

This value is also used as the grace trigger to renew creds

-

API only elements

-

log file and level

optional debug file and level

AUKS_PRIV_KEYTAB="/etc/auks/auks.keytab"