Unable to login

[ffuentesb]

Using fedora 27 x86_64, I go to https://localhost:8001 and get the loging prompt. I enter the username and password and it fails to auth.

wokd[26023]: ERROR:cherrypy.error:WOKAUTH0001E: Authentication failed for user 'usernamehere'. [Error code: 7] wokd[26023]: ERROR:cherrypy.error:WOKAUTH0008E: The username or password you entered is incorrect. Please try again

Ideas?

[FastFelix771]

are you using the linux user root of your machine? kimchi uses pam to authenticate and usual users are not able to see or edit much of the GUI.

[ffuentesb]

I cant loging at all.... Nether as user nor root.

[FastFelix771]

Hm, i don't really have an idea then - i never used Fedora (yet) and currently test Kimchi on Ubuntu.

[ffuentesb]

Thanks for your reply. Hopefully somebody can pitch in.

[ffuentesb]

BumP? :)

[piotr-gbyliczek]

I have exact same issue. I was using Fedora 25, where all was working fine, then decided to upgrade to Fedora 27 and found out that kimchi stopped accepting my user/password. I can still go to that server over ssh or via physical terminal using these credentials, so they are correct.

Trying to track issue down it seems to be down to cherrypy returning that auth error, but I know little about python to try and debug that quickly. Would cherrypy be the part that talks to pam ?

Strangely, I've had identical result when I used kimchi 1.5, which is the version available on F27. So it may be as well something from there that is not working well with latest release of kimchi.

I'll keep looking at this when time allows.

Piotr

[ffuentesb]

Thanks for your reply. I have not been able to make it work and like you I know very little about python :(

[piotr-gbyliczek]

Solved it.

Had some time to dig around and found that problem is in interaction between python and PAM.

python pam module is using "passwd" as a default PAM service to verify log-in credentials. wok does exactly the same, while setting the "passwd" service explicitly. This seems to be a problem on Fedora 27 and 28. I was able to solve this issue by changing wok pam service to system-auth :

--- /usr/lib/python2.7/site-packages/wok/auth.py.org    2018-05-18 18:56:52.948726704 +0100
+++ /usr/lib/python2.7/site-packages/wok/auth.py        2018-05-18 18:57:15.843333455 +0100
@@ -145,7 +145,7 @@
             debug("User %s is not allowed to run sudo" % self.name)

     @staticmethod
-    def authenticate(username, password, service="passwd"):
+    def authenticate(username, password, service="system-auth"):
         '''Returns True if authenticate is OK via PAM.'''
         def _auth(result):
             def _pam_conv(auth, query_list, userData=None):

Not sure exactly why this has changed from Fedora 25, on which I had wok/kimchi working previously, nor what are the security implications of the above change, so if anybody can check it, it would be great.

Regards, Piotr

[ffuentesb]

Thanks for your fix!

[DevPre24]

Thanks!

[FreeSoftwareServers]

cat /usr/lib/python2.7/site-packages/wok/auth.py  | grep service=
sed -i -e 's/passwd/system-auth/g' /usr/lib/python2.7/site-packages/wok/auth.py 
cat /usr/lib/python2.7/site-packages/wok/auth.py  | grep service=
service wokd restart

[sammcj]

I have this problem on CentOS 7 using the release 2.5.0 RPMs - however the above passwd vs system-auth change does not fix my problem.

After entering the correct username and password, the page simply reloads.

Nothing in the error or access logs of interest.

[alinefm]

This fix is already available in master branch and it will be part of the next release.

@sammcj I am going to test it on CentOS7 and turn back to you in https://github.com/kimchi-project/kimchi/issues/1270

[lkthomas]

This is a critical patch, please rollout minor patch for Redhat distro user.

[alinefm]

@lkthomas I'd love to do that but getting into RH distro is not that easy. I will check what I can do to have it updated.