[Spread-users] spread IP-based authentication

Matt Garman matthew.garman at gmail.com
Mon Mar 26 12:05:46 EDT 2012


Hi,

Using spread 4.0.0 on Linux, we'd like to use IP-based authentication.
 I asked about this a while ago[1].  In short, I added the following
two lines to my spread configuration file:

RequiredAuthMethods = "IP"
AllowedAuthMethods = "IP"

I also created a "spread.access_ip" file, and put it in all of the
following directories: (1) spread runtime directory, (2) /etc/ and (3)
/usr/local/etc/.  Here are the contents of this file:

unix
local

This seems to block *all* spread access.  I also tried adding the
following line to the file:

192.168.0.0/16

My server's IP address is within this subnet.  If I try to connect
using spuser, I get the following:

Spread library version is 4.0.0
SP_error: (-9) Connection rejected, authentication failed

Bye.

Here is what the spread log file looks like (with the startup
copyright banner removed):

Conf_load_conf_file: using file:
/usr/local/etc/spread/spread-4833-development.conf
Successfully configured Segment 0 [192.168.187.255:4833] with 1 procs:
                    lnxsvr11: 192.168.187.67
[Mon 26 Mar 2012 10:59:10] Set Alarm mask to: 1a6
[Mon 26 Mar 2012 10:59:10] Setting SO_REUSEADDR to auto
[Mon 26 Mar 2012 10:59:10] disabling Dangerous Monitor Commands!
[Mon 26 Mar 2012 10:59:10] Set runtime directory to '/var/run/spread/4833'
[Mon 26 Mar 2012 10:59:10] Set group name to 'spread'
[Mon 26 Mar 2012 10:59:10] Set user name to 'spread'
[Mon 26 Mar 2012 10:59:10] Finished configuration file.
[Mon 26 Mar 2012 10:59:10] Hash value for this configuration is: 2464631203
[Mon 26 Mar 2012 10:59:10] Conf_load_conf_file: My name: lnxsvr11, id:
192.168.187.67, port: 4833
[Mon 26 Mar 2012 10:59:10] Net_init: Bcast is not needed
[Mon 26 Mar 2012 10:59:10] Net_set_membership: I am a Segment leader
[Mon 26 Mar 2012 10:59:10] Net_set_membership: Token_address :
(192.168.187.67:4834)
[Mon 26 Mar 2012 10:59:10] Sess_init: INET bind for port 4833
interface 0.0.0.0 ok
[Mon 26 Mar 2012 10:59:10] Sess_init: INET went ok on mailbox 6
[Mon 26 Mar 2012 10:59:10] Sess_init: UNIX bind for name /tmp/4833 ok
[Mon 26 Mar 2012 10:59:10] Sess_init: UNIX went ok on mailbox 7
[Mon 26 Mar 2012 10:59:10] Sess_init: ended ok
[Mon 26 Mar 2012 10:59:10] Net_set_membership: I am a Segment leader
[Mon 26 Mar 2012 15:59:10] Net_set_membership: Token_address :
(192.168.187.67:4834)
Membership id is ( -1062683837, 1332777551)
[Mon 26 Mar 2012 15:59:10] --------------------
[Mon 26 Mar 2012 15:59:10] Configuration at lnxsvr11 is:
[Mon 26 Mar 2012 15:59:10] Num Segments 1
[Mon 26 Mar 2012 15:59:10]      1       192.168.187.255   4833
[Mon 26 Mar 2012 15:59:10]              lnxsvr11                192.168.187.67
[Mon 26 Mar 2012 15:59:10] ====================
[Mon 26 Mar 2012 15:59:10] Sess_accept: set sndbuf/rcvbuf to 204800
[Mon 26 Mar 2012 15:59:10] Setting TCP_NODELAY on socket 9
[Mon 26 Mar 2012 15:59:10] Sess_recv_client_auth: reading auth string
SHORT on mailbox 9
[Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
for -2124115 on mailbox 9
[Mon 26 Mar 2012 15:59:10] Sess_accept: set sndbuf/rcvbuf to 204800
[Mon 26 Mar 2012 15:59:10] Setting TCP_NODELAY on socket 9
[Mon 26 Mar 2012 15:59:10] Sess_recv_client_auth: reading auth string
SHORT on mailbox 9
[Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
for -2924115 on mailbox 9
[Mon 26 Mar 2012 15:59:10] Sess_accept: set sndbuf/rcvbuf to 204800
[Mon 26 Mar 2012 15:59:10] Setting TCP_NODELAY on socket 9
[Mon 26 Mar 2012 15:59:10] Sess_recv_client_auth: reading auth string
SHORT on mailbox 9
[Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
for -2924115 on mailbox 9
... (the last few lines repeat continuously)


Here are the contents of my config file:

Spread_Segment 192.168.187.255:4833 {
        lnxsvr11 192.168.187.67
}

EventTimeStamp
#DebugFlags = { PRINT EXIT }
DebugFlags = { PRINT EXIT NETWORK SESSION CONFIGURATION }
SocketPortReuse = AUTO
DangerousMonitor = false
RuntimeDir = /var/run/spread/4833
EventPriority = INFO
DaemonGroup = spread
DaemonUser = spread
RequiredAuthMethods = "IP"
AllowedAuthMethods = "IP"


Am I missing something?

Thanks!
Matt

[1] http://lists.spread.org/pipermail/spread-users/2011-November/004489.html
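
Added example, not part of the original post and not Spread project code: a small Python triage script for a daemon log like the one quoted above. It re-joins the mail-wrapped lines and counts `Sess_session_denied` records per timestamp; the function names and the sample log are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log above, including the mail
# archive's hard wraps (a record continues on a line with no timestamp).
SAMPLE_LOG = """\
[Mon 26 Mar 2012 15:59:10] Sess_recv_client_auth: reading auth string
SHORT on mailbox 9
[Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
for -2124115 on mailbox 9
[Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
for -2924115 on mailbox 9
[Mon 26 Mar 2012 15:59:10] Sess_session_denied: Authorization denied
for -2924115 on mailbox 9
"""

STAMP = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+(?P<msg>.*)$")
DENIED = re.compile(r"Sess_session_denied: Authorization denied "
                    r"for (?P<sess>-?\d+) on mailbox (?P<mbox>\d+)")

def unwrap(text):
    """Join continuation lines (no leading timestamp) onto the previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if STAMP.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def denials(text):
    """Return (timestamp, session id, mailbox) for every denied session."""
    events = []
    for record in unwrap(text):
        stamped = STAMP.match(record)
        hit = DENIED.search(stamped.group("msg")) if stamped else None
        if hit:
            events.append((stamped["ts"], int(hit["sess"]), int(hit["mbox"])))
    return events

def bursts(events, threshold=3):
    """Timestamps with at least `threshold` denials, i.e. rapid repeats."""
    counts = Counter(ts for ts, _, _ in events)
    return {ts: n for ts, n in counts.items() if n >= threshold}

if __name__ == "__main__":
    print(bursts(denials(SAMPLE_LOG)))
```

Daemon lines that never carry a timestamp are merged into the preceding record as well, which does not affect the denial count.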


