[Spread-users] non default RequiredAuthMethods doesn't work.

[Gregory Cavanagh]

Chad,

I am trying to do the same thing and am having the same problem on a redhat enterprise box.

I did an strace on spread and it did open and read my /etc/spread.access_ip.
However it doesn't seem to ever init my ip list and I never see the 
"ip_init: using file: /etc/spread.access_ip" message.

I have tried RequiredauthMethods and AllowedAuthMethods as you did.

Stuck and would greatly appreciate hearing what the secret configuration options are.

--Greg

>Hi,

>I have run version 3.17.2 on my desktop machine for a while (Slackware 
>9.1).  I never changed the RequiredAuthMethods or AllowedAuthMethods lines 
>in spread.conf.

>Recently I tried to run 3.17.3 on another machine (Slackware 10.0). 
>I am trying to get the "IP" auth method working.  If I leave the 
>RequiredAuthMethods or AllowedAuthMethods lines commented out I can 
>connect with spuser.

>As soon as I uncomment either of those two lines I am no longer able to 
>connect.

>   $ spuser
>   Spread library version is 3.17.3
>   SP_error: (-9) Connection rejected, authentication failed

>   Bye.

>I have been adding some printfs to the code.  I figured out that empty 
>lines in spread.access_ip seem to cause problems so I removed everything 
>except the following five lines.  One is the server IP and one is my 
>desktop IP.  I put the localhost IP in there to see if it would work.

>   unix
>   local
>   127.0.0.1
>   66.244.238.43
>   68.144.176.6

>I also tried with the lines including a "/32" mask but that didn't work. 
>It looks like the code assumes "/32" if none is provided.
>
>Right now the auth lines in spread.conf look like:

>   RequiredAuthMethods = "IP"
>   AllowedAuthMethods = "IP"

>The output from the printfs I've added are below.  They include the 
>function name, the source code line number (which won't mean much to you) 
>and usually the value of a variable.

>   CHAD : 'Acm_auth_get_allowed_list' called
>   CHAD : 'Acm_auth_get_allowed_list' '291' Num_Auth_Methods: '2'
>   CHAD : 'Acm_auth_get_allowed_list' '296' : '0'  enabled '0'  name 'NULL'
>   CHAD : 'Acm_auth_get_allowed_list' '296' : '1'  enabled '1'  name 'IP'
>   CHAD : 'Acm_auth_get_allowed_list' '308' list: 'IP '
>   CHAD : 'Sess_accept_continue' '845' list_len: '3'
>   CHAD : 'Sess_accept_continue' '846' allowed_auth_list: 'IP '
>   CHAD : 'Sess_recv_client_auth' called
>   CHAD : 'Sess_recv_client_auth' '893' auth_name ''
>   Sess_recv_client_auth: reading auth string SHORT on mailbox 9

>It looks the authentication system is looking for an authentication name 
>from the client.  I'm running spuser without any command line 
>arguments but I also tried spuser -s 4803 at ip_addr without any luck.

>I've tried running spuser from the same machine as spread is running on 
>and from my desktop machine.  I also upgraded my desktop version to 
>3.17.03.

>Is there a setting that I'm missing somewhere?  I didn't see anything in 
>the user guide PDF file I would keep digging but I don't have any time to 
>work on it for a couple days so I figured I would just ask and hope 
>someone has an answer.

>Thanks,
>/Chad