Forum Discussion
NimbostratusOdd authentication issue w/ iControl and Perl
Using the same authentication scheme as the samples in the SDK, I am receiving some odd authentication log messages. This _does_ authenticate and proceed with the rest of the script.
Nov 4 12:01:46 local/sv3-www-f5-3b info httpd(pam_audit)[6380]: 01070417:6: AUDIT - user ?"q??????????? - RAW: httpd(pam_audit): User=?"q??????????? tty=(unknown) host=10.10.1.30 failed to login after 1 attempts (start="Fri Nov 4 12:01:44 2011" end="Fri Nov 4 12:01:46 2011").
Nov 4 12:01:46 local/sv3-www-f5-3b err httpd[6380]: [error] [client 10.10.1.30] no acceptable variant: /usr/local/www/error/HTTP_UNAUTHORIZED.html.var
Nov 4 12:01:46 local/sv3-www-f5-3b err httpd[6393]: [error] [client 10.10.1.30] client used wrong authentication scheme: /iControl/iControlPortal.cgi
Nov 4 12:01:46 local/sv3-www-f5-3b err httpd[6393]: [error] [client 10.10.1.30] client used wrong authentication scheme: /iControl/iControlPortal.cgi
Nov 4 12:01:48 local/sv3-www-f5-3b err httpd[6393]: [error] [client 10.10.1.30] AUTHCACHE PAM: user '\x05\xab"q\xc1\xbd\xb1\xb1\x95\xc8\xe9\x8d\xc9\x01\xb4\x85\xd0' - not authenticated: User not known to the underlying authentication module
Nov 4 12:01:48 local/sv3-www-f5-3b info httpd(pam_audit)[6393]: User=?"q??????????? tty=(unknown) host=10.10.1.30 failed to login after 1 attempts (start="Fri Nov 4 12:01:46 2011" end="Fri Nov 4 12:01:48 2011").
Nov 4 12:01:48 local/sv3-www-f5-3b info httpd(pam_audit)[6393]: 01070417:6: AUDIT - user ?"q??????????? - RAW: httpd(pam_audit): User=?"q??????????? tty=(unknown) host=10.10.1.30 failed to login after 1 attempts (start="Fri Nov 4 12:01:46 2011" end="Fri Nov 4 12:01:48 2011").
Nov 4 12:01:48 local/sv3-www-f5-3b err httpd[6393]: [error] [client 10.10.1.30] no acceptable variant: /usr/local/www/error/HTTP_UNAUTHORIZED.html.var
However, if we enable TACACS+ authentication, then this log message invalidates the user we're trying to authenticate with for a period of time, rendering our tools useless.
It looks like, at some point, the username is being garbled, but I'm not sure where. Any pointers would be much appreciated.
We're using iControl SDK 10.2.0 and BIG-IP software version 10.2.2 build 763.3
Thanks in advance!
sub SOAP::Transport::HTTP::Client::get_basic_credentials {
return "$user" => "$pass";
}
$Pool = SOAP::Lite
->uri('urn:iControl:LocalLB/Pool')
->proxy("https://$bigip:$port/iControl/iControlPortal.cgi");
eval { $Pool->transport->http_request->header
(
'Authorization' =>
'Basic' . MIME::Base64::encode("$user:$pass", '')
);
};
$PoolMember = SOAP::Lite
->uri('urn:iControl:LocalLB/PoolMember')
->proxy("https://$bigip:$port/iControl/iControlPortal.cgi");
eval { $PoolMember->transport->http_request->header
(
'Authorization' =>
'Basic' . MIME::Base64::encode("$user:$pass", '')
);
};
$Node = SOAP::Lite
->uri('urn:iControl:LocalLB/NodeAddress')
->proxy("https://$bigip:$port/iControl/iControlPortal.cgi");
eval { $Node->transport->http_request->header
(
'Authorization' =>
'Basic' . MIME::Base64::encode("$user:$pass", '')
);
};
1 Reply
Kurt_Knochner_5Cirrus
Hi,
your code looks O.K. at least it should not generate those error messages.
BTW: What do you mean by this: "This _does_ authenticate and proceed with the rest of the script." Do you see those error messages ALTHOUGH everything works fine?
Some more questions:
1.) Could you please post the whole script, or at least up to that part that causes to error messages? I would like to test it on my system.
2.) Where is $user and $passwd defined? Are they hard coded or read from somewhere?
3.) What OS is the system running where you execute the script?
Regards
Kurt Knochner
