On 06.07.2010 10:12, Zhang, Vivian wrote:
Hi:
The root cause of "osc ci" permission failure is caused by the double http request for the remote resource access: For the normal process with allow_anonymous disabled: 1. osc client sends the normal request without authentication header, then server will give a 401 response with authentication requirement for real "API login". 2. osc client sends the same request again with authentication header which includes the username and password, e.g.: "Authorization: Basic amZkaW5nOm1vYmxpbjEyMw=="
Then when allow_anonymous is enabled with IP_ADDR: 1. osc client sends the normal request without authentication header, it passed the anonymous access check since the api server has the same IP_ADDR as the webui server, it will login with _nobody_.
Here is a workaround: Adding one line for http_headers in ~/.oscrc, e.g. [https://api.xxx.com] user=xxx passx=xxxxxxxxxxxxxxxxxxxxxx == + http_headers: Authorization: Basic amZkaW5nOm1vYmxpbjEyMw==
The encoded string after "Basic" is the base64 encoded "username:passwd", or you can get it from command: #echo -n username:passwd | base64
Anyway, it is a workaround from osc client side. Any good solution on the authentication check in server side?
Maybe it would be a good idea if the osc client always sends the authentication header by default? Greetings -- Thomas Schmidt (tom [at] opensuse.org) openSUSE Boosters Team "Don't Panic", Douglas Adams (1952 - 11.05.2001) -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org