Mailinglist Archive: opensuse-buildservice (136 mails)

< Previous Next >
Re: [opensuse-buildservice] 2.6 api not requesting any password
On Tuesday 25 August 2015, 15:38:18 wrote Carsten Höger:
Hi,

is it possible to secure the api by enforcing a password?

Using the appliance:

$ wget -Sv --no-check-certificate https://172.16.210.154/person/Admin -O -

This route is also requireing a password today. Are you sure you do not
have a .netrc?

Can you try with curl?

--2015-08-25 15:33:14-- https://172.16.210.154/person/Admin
Connecting to 172.16.210.154:443... connected.
WARNING: cannot verify 172.16.210.154's certificate, issued by
'emailAddress=test@email.address,OU=Organizational Unit Name,O=Organization
Name,L=Test Locality,ST=Test State or Province,C=CC':
Self-signed certificate encountered.
WARNING: certificate common name '' doesn't match requested host name
'172.16.210.154'.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Date: Tue, 25 Aug 2015 15:33:14 GMT
Server: Apache
cache-control: max-age=0, private, must-revalidate
vary: Accept-Encoding
x-xss-protection: 1; mode=block
x-opensuse-runtimes:
{"view":0.29869500000000004,"db":0.825372,"backend":0,"xml":0}
x-request-id: 4fee742f-a49a-4ad8-870d-e562089dabc0
x-opensuse-apiversion: 2.6.3
x-frame-options: SAMEORIGIN
x-runtime: 0.007125
x-content-type-options: nosniff
Connection: close
X-Powered-By: Phusion Passenger 5.0.7
etag: "1fac7a8b0b5a51791daf3179c386d6ac"
Status: 200 OK
Cache-Control: public
Transfer-Encoding: chunked
Content-Type: text/xml; charset=utf-8
Length: unspecified [text/xml]
Saving to: 'STDOUT'

- [<=>
] 0 --.-KB/s <person>
<login>Admin</login>
<email>root@localhost</email>
<realname>OBS Instance Superuser</realname>
<state>confirmed</state>
<globalrole>Admin</globalrole>
</person>
- [ <=>
] 180 --.-KB/s in 0s

2015-08-25 15:33:14 (10.7 MB/s) - written to stdout [180]


the old 2.4 installation would deny that request:

$ wget -Sv --no-check-certificate
https://buildapi.open-xchange.com/person/Admin -O -
--2015-08-25 15:36:13-- https://buildapi.open-xchange.com/person/Admin
Resolving buildapi.open-xchange.com... 10.20.30.240
Connecting to buildapi.open-xchange.com|10.20.30.240|:443... connected.
HTTP request sent, awaiting response...
HTTP/1.1 401 Authorization Required
Date: Tue, 25 Aug 2015 13:36:13 GMT
Server: Apache/2.2.12 (Linux/SUSE)
X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 3.0.18
X-Opensuse-APIVersion: 2.4.0
WWW-Authenticate: basic realm="API login"
X-Opensuse-Errorcode: unknown
X-Opensuse-Runtimes: {"view":0.6410629999999999,"db":0,"backend":0,"xml":0}
Cache-Control: no-cache
X-Request-Id: a5850abe01e7e3564713da42c831cb07
X-Runtime: 0.002770
X-Rack-Cache: miss
Status: 401
Content-Length: 123
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: application/xml; charset=utf-8

Username/Password Authentication Failed.


--
mit freundlichen Gruessen/with best regards,

Carsten Hoeger
Open-Xchange GmbH

--------------------------------------------------------------------------------
Open-Xchange AG, Rollnerstr. 14, 90408 Nürnberg, Amtsgericht Nürnberg HRB
24738
Vorstand: Rafael Laguna de la Vera, Carsten Dirks
Aufsichtsratsvorsitzender: Richard Seibt

European Office: Open-Xchange GmbH, Martinstr. 41, D-57462 Olpe, Germany
Amtsgericht Siegen, HRB 8718, Geschäftsführer: Frank Hoberg, Martin Kauss

US Office: Open-Xchange. Inc., 530 Lytton Avenue, Palo Alto, CA 94301, USA
--------------------------------------------------------------------------------


--

Adrian Schroeter
email: adrian@xxxxxxx

SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284
(AG Nürnberg)

Maxfeldstraße 5
90409 Nürnberg
Germany


--
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups
References