Forum Discussion

jaskel_40663's avatar
jaskel_40663
Icon for Nimbostratus rankNimbostratus
Nov 04, 2011

Odd authentication issue w/ iControl and Perl

Hey there,

 

 

Using the same authentication scheme as the samples in the SDK, I am receiving some odd authentication log messages. This _does_ authenticate and proceed with the rest of the script.

 

 

 

Nov 4 12:01:46 local/sv3-www-f5-3b info httpd(pam_audit)[6380]: 01070417:6: AUDIT - user ?"q??????????? - RAW: httpd(pam_audit): User=?"q??????????? tty=(unknown) host=10.10.1.30 failed to login after 1 attempts (start="Fri Nov 4 12:01:44 2011" end="Fri Nov 4 12:01:46 2011").

 

Nov 4 12:01:46 local/sv3-www-f5-3b err httpd[6380]: [error] [client 10.10.1.30] no acceptable variant: /usr/local/www/error/HTTP_UNAUTHORIZED.html.var

 

Nov 4 12:01:46 local/sv3-www-f5-3b err httpd[6393]: [error] [client 10.10.1.30] client used wrong authentication scheme: /iControl/iControlPortal.cgi

 

Nov 4 12:01:46 local/sv3-www-f5-3b err httpd[6393]: [error] [client 10.10.1.30] client used wrong authentication scheme: /iControl/iControlPortal.cgi

 

Nov 4 12:01:48 local/sv3-www-f5-3b err httpd[6393]: [error] [client 10.10.1.30] AUTHCACHE PAM: user '\x05\xab"q\xc1\xbd\xb1\xb1\x95\xc8\xe9\x8d\xc9\x01\xb4\x85\xd0' - not authenticated: User not known to the underlying authentication module

 

Nov 4 12:01:48 local/sv3-www-f5-3b info httpd(pam_audit)[6393]: User=?"q??????????? tty=(unknown) host=10.10.1.30 failed to login after 1 attempts (start="Fri Nov 4 12:01:46 2011" end="Fri Nov 4 12:01:48 2011").

 

Nov 4 12:01:48 local/sv3-www-f5-3b info httpd(pam_audit)[6393]: 01070417:6: AUDIT - user ?"q??????????? - RAW: httpd(pam_audit): User=?"q??????????? tty=(unknown) host=10.10.1.30 failed to login after 1 attempts (start="Fri Nov 4 12:01:46 2011" end="Fri Nov 4 12:01:48 2011").

 

Nov 4 12:01:48 local/sv3-www-f5-3b err httpd[6393]: [error] [client 10.10.1.30] no acceptable variant: /usr/local/www/error/HTTP_UNAUTHORIZED.html.var

 

 

 

 

 

 

 

However, if we enable TACACS+ authentication, then this log message invalidates the user we're trying to authenticate with for a period of time, rendering our tools useless.

 

 

 

 

 

It looks like, at some point, the username is being garbled, but I'm not sure where. Any pointers would be much appreciated.

 

 

 

We're using iControl SDK 10.2.0 and BIG-IP software version 10.2.2 build 763.3

 

 

 

Thanks in advance!

 

 

 

sub SOAP::Transport::HTTP::Client::get_basic_credentials {

 

return "$user" => "$pass";

 

}

 

 

 

$Pool = SOAP::Lite

 

->uri('urn:iControl:LocalLB/Pool')

 

->proxy("https://$bigip:$port/iControl/iControlPortal.cgi");

 

 

 

eval { $Pool->transport->http_request->header

 

(

 

'Authorization' =>

 

'Basic' . MIME::Base64::encode("$user:$pass", '')

 

);

 

};

 

 

 

 

 

$PoolMember = SOAP::Lite

 

->uri('urn:iControl:LocalLB/PoolMember')

 

->proxy("https://$bigip:$port/iControl/iControlPortal.cgi");

 

 

 

eval { $PoolMember->transport->http_request->header

 

(

 

'Authorization' =>

 

'Basic' . MIME::Base64::encode("$user:$pass", '')

 

);

 

};

 

 

 

$Node = SOAP::Lite

 

->uri('urn:iControl:LocalLB/NodeAddress')

 

->proxy("https://$bigip:$port/iControl/iControlPortal.cgi");

 

 

 

eval { $Node->transport->http_request->header

 

(

 

'Authorization' =>

 

'Basic' . MIME::Base64::encode("$user:$pass", '')

 

);

 

};

 

 

 

 

  • Hi,

     

     

    your code looks O.K. at least it should not generate those error messages.

     

     

    BTW: What do you mean by this: "This _does_ authenticate and proceed with the rest of the script." Do you see those error messages ALTHOUGH everything works fine?

     

     

    Some more questions:

     

     

    1.) Could you please post the whole script, or at least up to that part that causes to error messages? I would like to test it on my system.

     

     

    2.) Where is $user and $passwd defined? Are they hard coded or read from somewhere?

     

     

    3.) What OS is the system running where you execute the script?

     

     

    Regards

     

    Kurt Knochner