[Moabusers] moab + gold

Wed Jun 7 13:00:40 MDT 2006

Scott,

Sorry I didn't reply earlier. This is working well for us now, thanks.

--andy

> Subject: Re: [Moabusers] moab + gold
> 
> -----Original Message-----
> From: Scott Jackson [mailto:scottmo at clusterresources.com] 
> Sent: Thursday, April 13, 2006 5:44 PM
> To: Caird, Andrew J
> Cc: moabusers at supercluster.org

> Andy,
> 
> I examined this issue and had to make a code change to 
> support disabling Gold authentication in Moab. We pushed out 
> a new snapshot with the fix.
> It should just work as you have it now. When it comes time 
> that you would like to turn authentication back on in Moab, 
> you will have to add the CLIENTCFG[AM:bank] ALGO=HMAC 
> KEY=mysecret line into moab-private.cfg. With the new change, 
> ALGO=NONE or leaving it blank has the effect of disabling 
> Gold authentication.
> 
> Let me know if you have any trouble,
> 
> Scott
> 
> 
> On Thu, 2006-04-13 at 16:07 -0400, Andrew J Caird wrote:
> > Hi Scott,
> > 
> > Yes, I have a moab-private.cfg, but there's nothing in it.  
> Is there a 
> > default security in moab that needs to over-ridden somewhere?
> > 
> > Thanks.
> > --andy
> > 
> > On Thu, 13 Apr 2006, Scott Jackson wrote:
> > 
> > > Andy,
> > >
> > > Does Moab have a moab-private.cfg file with a CLIENTCFG line for 
> > > your AM (with CSALGO or ALGO specified)? If so, try removing that 
> > > line (or renaming the entire file if that is the only 
> thing in it). 
> > > Let me know if that works.
> > >
> > > Scott
> > >
> > > On Wed, 2006-04-12 at 14:25 -0400, Andrew J Caird wrote:
> > >> We've been using Gold with Maui for a while and have had 
> good luck.
> > > We're
> > >> slowly implementing Moab and it isn't talking nicely to our Gold 
> > >> installation.
> > >>
> > >> We have:
> > >>
> > >>     security.authentication = false
> > >>
> > >> in goldd.conf, but Moab seems to be sending auth information to 
> > >> Gold
> > > (see
> > >> below).  Since I don't want to try to get our Maui 
> installations to 
> > >> do
> > >
> > >> authentication now, how can I get Moab to just be happy chatting 
> > >> insecurely?
> > >>
> > >> Thanks for any advice.
> > >> --andy
> > >>
> > >> 2006-04-12 11:56:04.049 INFO  main::  New Connection Received
> > >> 2006-04-12 11:56:04.052 TRACE Gold::Message::new  invoked with
> > > arguments: (connection => IO::Socket::INET=GLOB(0x96a9ad4))
> > >> 2006-04-12 11:56:04.052 TRACE 
> Gold::Message::receiveChunk  invoked
> > > with arguments: ()
> > >> 2006-04-12 11:56:04.053 DEBUG Gold::Message::receiveChunk  Read
> > > message header (POST /SSSRMAP3 HTTP/1.1
> > >> 2006-04-12 11:56:04.054 INFO  Gold::Message::receiveChunk  Read
> > > message payload (351, <Envelope 
> component="ClusterScheduler" count="1"
> > > name="moab"
> > > 
> version="4.5.0p0"><Signature><DigestValue>Ki+eYe2e4BjFBYMv7whH0Y6AEs
> > > c=</
> > > 
> DigestValue><SignatureValue>9F0Sm1FFaB336lTbMsn4IAdAnoU=</SignatureV
> > > DigestValue>alue
> > >> </Signature><Body actor="root"><Request action="Query"
> > > actor="root"><Object>System</Object><Get
> > > name="Version"></Get></Request></Body></Envelope>).
> > >> 2006-04-12 11:56:04.054 TRACE Gold::Message::unmarshallChunk  
> > >> invoked
> > > with arguments: (<Envelope component="ClusterScheduler" count="1"
> > > name="moab"
> > > 
> version="4.5.0p0"><Signature><DigestValue>Ki+eYe2e4BjFBYMv7whH0Y6AEs
> > > c=</
> > > 
> DigestValue><SignatureValue>9F0Sm1FFaB336lTbMsn4IAdAnoU=</SignatureV
> > > DigestValue>alue
> > >> </Signature><Body actor="root"><Request action="Query"
> > > actor="root"><Object>System</Object><Get
> > > name="Version"></Get></Request></Body></Envelope>)
> > >> 2006-04-12 11:56:04.056 TRACE Gold::Chunk::authenticate  invoked 
> > >> with
> > > arguments: (XML::LibXML::Document=SCALAR(0x96aa0f8))
> > >> 2006-04-12 11:56:04.057 DEBUG Gold::Chunk::authenticate  The 
> > >> security
> > > token type is (Symmetric).
> > >> 2006-04-12 11:56:04.057 DEBUG Gold::Chunk::authenticate  The
> > > canonicalized body text is (<Body actor="root"><Request 
> action="Query"
> > > actor="root"><Object>System</Object><Get
> > > name="Version"></Get></Request></Body>).
> > >> 2006-04-12 11:56:04.058 DEBUG Gold::Chunk::authenticate  The
> > > base64-encoded message digest is (Ki+eYe2e4BjFBYMv7whH0Y6AEsc=).
> > >> 2006-04-12 11:56:04.059 DEBUG Gold::Chunk::authenticate  The
> > > base64-encoded MAC is (Li3c8/u2v//jfxZHzFgqBl3j4+o=).
> > >> 2006-04-12 11:56:04.063 ERROR Gold::Exception::new  Incoming MAC 
> > >> does
> > > not match calculated MAC at 
> /usr/local/gold/lib/Gold/Chunk.pm line 
> > > 597
> > >> 2006-04-12 11:56:04.065 ERROR Gold::Exception::new  Failed
> > > authenticating message: (Incoming MAC does not match calculated 
> > > MAC). at /usr/local/gold/lib/Gold/Message.pm line 716
> > >> 2006-04-12 11:56:04.070 ERROR main::__ANON__  Gold 
> server error (424):
> > > Failed authenticating message: (Incoming MAC does not match 
> > > calculated MAC)..
> > >> 2006-04-12 11:56:04.071 TRACE Gold::Response::new  invoked with
> > > arguments: ()
> > >> 2006-04-12 11:56:04.071 TRACE Gold::Response::failure  
> invoked with
> > > arguments: (424, Failed authenticating message: (Incoming 
> MAC does 
> > > not match calculated MAC).)
> > >> 2006-04-12 11:56:04.072 TRACE Gold::Reply::new  invoked with
> > > arguments: (connection => IO::Socket::INET=GLOB(0x96a9ad4))
> > >> 2006-04-12 11:56:04.072 TRACE Gold::Reply::sendChunk  
> invoked with
> > > arguments: (Gold::Chunk=HASH(0x96aa53c))
> > >> 2006-04-12 11:56:04.073 DEBUG Gold::Reply::sendChunk  
> Writing reply
> > > header (HTTP/1.1 200 OK
> > >> 2006-04-12 11:56:04.073 TRACE Gold::Reply::marshallChunk 
>  invoked 
> > >> with
> > > arguments: (Gold::Chunk=HASH(0x96aa53c))
> > >> 2006-04-12 11:56:04.074 INFO  Gold::Reply::sendChunk  
> Writing reply
> > > payload (102, <?xml version="1.0" encoding="UTF-8"?>
> > >> _______________________________________________
> > >> moabusers mailing list
> > >> moabusers at supercluster.org
> > >> http://www.supercluster.org/mailman/listinfo/moabusers
> > >
> > >
> 
> 