On 06.07.2010 10:12, Zhang, Vivian wrote:
The root cause of "osc ci" permission failure is caused by the double http
request for the remote resource access:
For the normal process with allow_anonymous disabled:
1. osc client sends the normal request without authentication header, then server
will give a 401 response with authentication requirement for real "API login".
2. osc client sends the same request again with authentication header which includes
the username and password, e.g.:
"Authorization: Basic amZkaW5nOm1vYmxpbjEyMw=="
Then when allow_anonymous is enabled with IP_ADDR:
1. osc client sends the normal request without authentication header, it passed the
anonymous access check since the api server has the same IP_ADDR as the webui server, it
will login with _nobody_.
Here is a workaround:
Adding one line for http_headers in ~/.oscrc, e.g.
+ http_headers: Authorization: Basic amZkaW5nOm1vYmxpbjEyMw==
The encoded string after "Basic" is the base64 encoded
"username:passwd", or you can get it from command:
#echo -n username:passwd | base64
Anyway, it is a workaround from osc client side. Any good solution on the
authentication check in server side?
Maybe it would be a good idea if the osc client always sends the authentication header by
Thomas Schmidt (tom [at] opensuse.org
openSUSE Boosters Team
"Don't Panic", Douglas Adams (1952 - 11.05.2001)
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe(a)opensuse.org
For additional commands, e-mail: opensuse-buildservice+help(a)opensuse.org