[Spread-users] spread IP-based authentication

Matt Garman matthew.garman at gmail.com
Tue Apr 3 10:08:00 EDT 2012


Bump... is anyone out there using IP-based authentication?  Anyone see
any obvious problems with my configuration?

John, can you duplicate this?

Thanks again,
Matt


On Mon, Mar 26, 2012 at 11:05 AM, Matt Garman <matthew.garman at gmail.com> wrote:
> Hi,
>
> Using spread 4.0.0 on Linux, we'd like to use IP-based authentication.
>  I asked about this a while ago[1].  In short, I added the following
> two lines to my spread configuration file:
>
> RequiredAuthMethods = "IP"
> AllowedAuthMethods = "IP"
>
> I also created a "spread.access_ip" file, and put it in all of the
> following directories: (1) spread runtime directory, (2) /etc/ and (3)
> /usr/local/etc/.  Here are the contents of this file:
>
> unix
> local
>
> This seems to block *all* spread access.  I also tried adding the
> following line to the file:
>
> 192.168.0.0/16
>
> My server's IP address is within this subnet.  If I try to connect
> using spuser, I get the following:
>
> Spread library version is 4.0.0
> SP_error: (-9) Connection rejected, authentication failed
>
> Bye.
>
> Here is what the spread log file looks like (with the startup
> copyright banner removed):
>
> Conf_load_conf_file: using file:
> /usr/local/etc/spread/spread-4833-development.conf
> Successfully configured Segment 0 [192.168.187.255:4833] with 1 procs:
>                    lnxsvr11: 192.168.187.67
> [Mon 26 Mar 2012 10:59:10] Set Alarm mask to: 1a6
> [Mon 26 Mar 2012 10:59:10] Setting SO_REUSEADDR to auto
> [Mon 26 Mar 2012 10:59:10] disabling Dangerous Monitor Commands!
> [Mon 26 Mar 2012 10:59:10] Set runtime directory to '/var/run/spread/4833'
> [Mon 26 Mar 2012 10:59:10] Set group name to 'spread'
> [Mon 26 Mar 2012 10:59:10] Set user name to 'spread'
> [Mon 26 Mar 2012 10:59:10] Finished configuration file.
> [Mon 26 Mar 2012 10:59:10] Hash value for this configuration is: 2464631203
> [Mon 26 Mar 2012 10:59:10] Conf_load_conf_file: My name: lnxsvr11, id:
> 192.168.187.67, port: 4833
> [Mon 26 Mar 2012 10:59:10] Net_init: Bcast is not needed
> [Mon 26 Mar 2012 10:59:10] Net_set_membership: I am a Segment leader
> [Mon 26 Mar 2012 10:59:10] Net_set_membership: Token_address :
> (192.168.187.67:4834)
> [Mon 26 Mar 2012 10:59:10] Sess_init: INET bind for port 4833
> interface 0.0.0.0 ok
> [Mon 26 Mar 2012 10:59:10] Sess_init: INET went ok on mailbox 6
> [Mon 26 Mar 2012 10:59:10] Sess_init: UNIX bind for name /tmp/4833 ok
> [Mon 26 Mar 2012 10:59:10] Sess_init: UNIX went ok on mailbox 7
> [Mon 26 Mar 2012 10:59:10] Sess_init: ended ok
> [Mon 26 Mar 2012 10:59:10] Net_set_membership: I am a Segment leader
> [Mon 26 Mar 2012 15:59:10] Net_set_membership: Token_address :
> (192.168.187.67:4834)
> Membership id is ( -1062683837, 1332777551)
> [Mon 26 Mar 2012 15:59:10] --------------------
> [Mon 26 Mar 2012 15:59:10] Configuration at lnxsvr11 is:
> [Mon 26 Mar 2012 15:59:10] Num Segments 1
> [Mon 26 Mar 2012 15:59:10]      1       192.168.187.255   4833
> [Mon 26 Mar 2012 15:59:10]              lnxsvr11                192.168.187.67
> [Mon 26 Mar 2012 15:59:10] ====================
> [Mon 26 Mar 2012 15:59:10] Sess_accept: set sndbuf/rcvbuf to 204800
> [Mon 26 Mar 2012 15:59:10] Setting TCP_NODELAY on socket 9
> [Mon 26 Mar 2012 15:59:10] Sess_recv_client_auth: reading auth string
> SHORT on mailbox 9
> [Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
> for -2124115 on mailbox 9
> [Mon 26 Mar 2012 15:59:10] Sess_accept: set sndbuf/rcvbuf to 204800
> [Mon 26 Mar 2012 15:59:10] Setting TCP_NODELAY on socket 9
> [Mon 26 Mar 2012 15:59:10] Sess_recv_client_auth: reading auth string
> SHORT on mailbox 9
> [Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
> for -2924115 on mailbox 9
> [Mon 26 Mar 2012 15:59:10] Sess_accept: set sndbuf/rcvbuf to 204800
> [Mon 26 Mar 2012 15:59:10] Setting TCP_NODELAY on socket 9
> [Mon 26 Mar 2012 15:59:10] Sess_recv_client_auth: reading auth string
> SHORT on mailbox 9
> [Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
> for -2924115 on mailbox 9
> ... (the last few lines repeat continuously)
>
>
> Here are the contents of my config file:
>
> Spread_Segment 192.168.187.255:4833 {
>        lnxsvr11 192.168.187.67
> }
>
> EventTimeStamp
> #DebugFlags = { PRINT EXIT }
> DebugFlags = { PRINT EXIT NETWORK SESSION CONFIGURATION }
> SocketPortReuse = AUTO
> DangerousMonitor = false
> RuntimeDir = /var/run/spread/4833
> EventPriority = INFO
> DaemonGroup = spread
> DaemonUser = spread
> RequiredAuthMethods = "IP"
> AllowedAuthMethods = "IP"
>
>
> Am I missing something?
>
> Thanks!
> Matt
>
> [1] http://lists.spread.org/pipermail/spread-users/2011-November/004489.html
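
An added example, not part of the original message and not Spread's own code: a log triage script that folds the mail-wrapped continuation lines back into their records and reports ids that are denied repeatedly, which is the loop the quoted log shows. The sample log is constructed in the shape of the one above; the function names and the threshold are assumptions.

```python
import re
from collections import Counter

# Constructed sample shaped like the quoted log, including mail-wrapped
# continuation lines that carry no leading [timestamp].
SAMPLE_LOG = """\
[Mon 26 Mar 2012 15:59:10] Sess_accept: set sndbuf/rcvbuf to 204800
[Mon 26 Mar 2012 15:59:10] Sess_recv_client_auth: reading auth string
SHORT on mailbox 9
[Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
for -2924115 on mailbox 9
[Mon 26 Mar 2012 15:59:11] Sess_recv_client_auth: reading auth string
SHORT on mailbox 9
[Mon 26 Mar 2012 15:59:11] Sess_session_denied: Authorization denied
for -2924115 on mailbox 9
"""

STAMP = re.compile(r"^\[([^\]]+)\]\s+(.*)$")
DENIED = re.compile(r"Sess_session_denied: Authorization denied for (-?\d+) on mailbox (\d+)")
SHORT = re.compile(r"Sess_recv_client_auth: reading auth string SHORT on mailbox (\d+)")

def rejoin(text):
    """Fold unstamped continuation lines into the preceding stamped record."""
    records = []
    for line in (l.strip() for l in text.splitlines()):
        m = STAMP.match(line)
        if m:
            records.append([m.group(1), m.group(2)])
        elif line and records:
            records[-1][1] += " " + line
    return [tuple(r) for r in records]

def summarize(text):
    """Count denials per (id, mailbox) and SHORT auth reads per mailbox."""
    denials, shorts, span = Counter(), Counter(), {}
    for ts, msg in rejoin(text):
        if m := SHORT.search(msg):
            shorts[m.group(1)] += 1  # token recorded as logged, not interpreted
        elif m := DENIED.search(msg):
            key = m.groups()  # (number after "denied for", mailbox), as logged
            denials[key] += 1
            span[key] = (span.get(key, (ts,))[0], ts)  # first and last seen
    return denials, shorts, span

def retry_loops(text, threshold=2):
    """Ids denied at least `threshold` times, with first and last timestamps."""
    denials, _, span = summarize(text)
    return [(i, mb, n) + span[(i, mb)] for (i, mb), n in denials.items() if n >= threshold]
```

Calling retry_loops() on the daemon's log gives one row per repeatedly denied id, which is easier to alert on than the raw repeating lines.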


