We are getting error NOAUTH Authentication required when deploying in kubernatives cluster.
we need to remove the password which has set automatically. but we don't know from where to change as no config file is there.
Related
I am trying to have users access Keycloak from a different hostname through a proxy. Instead of the actual AWS hostname aws.exampleurl.com:8080 I have a proxy which routes all traffic from example.hostname.com/auth to the AWS url. I am able to access the Keycloak welcome screen and kick off the administrator login (with failed CSS loads which I assume is due to the same issue but I'm not sure), but when I input a set of credentials I am told that there was no cookie found. I have the cookies set to allow all in my browser (Brave).
I have set the HOSTNAME_URL env var to example.hostname.com/auth, tried using a mixture of the HOSTNAME and HOSTNAME_PATH env vars. I have tried setting HOSTNAME_STRICT to false, but to no luck. I've tried restarting the service and restarting the database I have running with Keycloak but these changes have also not worked.
Any ideas on how to get this running correctly would be amazing. Let me know if more info is needed to reproduce.
I have successfully installed OKD4.8 and able to deploy applications. When I try to deploy a new application many days after the installation the pods are going to "ImagePullBackOff" state with "unauthorized: authentication required" error.
To reproduce: Install OKD4.8 and deploy a few applications and leave the setup for some days and deploy a new application then the pod is going into "ImagePullBackOff" state with "unauthorized: authentication required" error.
Log bundle
$ sudo podman pull image-registry.openshift-image-registry.svc:5000/frontend/nginx:v1.0
WARN[0000] Failed to decode the keys ["storage.options.override_kernel_check"] from "/etc/containers/storage.conf".
Trying to pull image-registry.openshift-image-registry.svc:5000/frontend/nginx:v1.0...
Error: initializing source docker://image-registry.openshift-image-registry.svc:5000/frontend/nginx:v1.0: unable to retrieve auth token: invalid username/password: unauthorized: authentication required
I think this might be happening due to the oc login session being expired which the podman fails to authenticate the default internal registry with the old token. So, kindly share me any process to avoid this kind of behaviour
Client Version: 4.8.0-0.okd-2021-11-14-052418
Server Version: 4.8.0-0.okd-2021-11-14-052418
Kubernetes Version: v1.21.2-1555+9e8f924492b7d7-dirty
I have installed OKD4.8 on VMWare machine using the UPI method.
I am attempting to set up Kerberos authentication with Freeradius. At the moment when I run radtest the authentication fails and I get the following error in my logs
(0) Login incorrect (krb5: Failed parsing username as principal: Configuration file does not specify default realm): [user/Password123] (from client localhost port 1812)
In my krb5 configuration file I have specified a service principal so I am unsure why I am getting this error. Here is a snippet for context (sensitive values modified)
krb5 {
#
# The keytab file MUST be owned by the UID/GID used by the server.
# The keytab file MUST be writable by the server.
# The keytab file MUST NOT be readable by other users on the system.
# The keytab file MUST exist before the server is started.
#
keytab = /etc/raddb/mykeytab.keytab
service_principal = http/princ#example.com
Is there anything wrong with this configuration? Or am I looking in the wrong place?
You need to either include the realm with the principal you're logging in as, or set a default realm in krb5.conf (should be in /etc/, but it might be distro-specific).
See here:
default_realm Identifies the default Kerberos realm for the client.
Set its value to your Kerberos realm. If this value is not set, then a
realm must be specified with every Kerberos principal when invoking
programs such as kinit.
I am trying to publish a Service Fabric service to my local cluster, but it never goes out of this state:
There was an error during activation.Failed to configure certificate
permissions. Error: FABRIC_E_CERTIFICATE_NOT_FOUND
Do you know what is this error related to?
How can I fix it?
As the error says, SF is unable to find the required cert in Cert store. You can find the missing cert info from the event error logs in Event Viewer-
%SystemRoot%\System32\Winevt\Logs\Microsoft-ServiceFabric%4Admin.evtx
Check using Certificate Manager if this cert is present and not expired. You can use this script also.
More info regarding the required certs can be found in this file. -
C:\SfDevCluster\Data\_App\_Node_0\{AppNameFromSf}\App.1.0.xml
I got following error when I try to use VSTS to deploy application to Azure secure cluster
An error occurred attempting to import the certificate. Ensure that your service endpoint is configured properly with a correct certificate value and, if the certificate is password-protected, a valid password. Error message: Exception calling "Import" with "3" argument(s): "Cannot find the requested object.
I copied certificate base64 string and password to Services Endpoint config. Should I do other option to let it work?
Found the problem, the url in service endpoint should use https