Search Results

Search found 3544 results on 142 pages for 'auth token'.

Page 1/142 | 1 2 3 4 5 6 7 8 9 10 11 12 | Next Page >

any clue in these logs why keyboard audio and internet are messed up

- by mmj

Jun 7 00:01:18 Isis lightdm: pam_unix(lightdm-autologin:session): session opened for user mimi by (uid=0) Jun 7 00:01:18 Isis lightdm: pam_ck_connector(lightdm-autologin:session): nox11 mode, ignoring PAM_TTY :0 Jun 7 00:01:26 Isis polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.36 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale zh_CN.UTF-8) Jun 7 00:01:29 Isis dbus[610]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.44" (uid=1000 pid=1763 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.15" (uid=0 pid=1219 comm="/usr/sbin/console-kit-daemon --no-daemon ") Jun 7 00:07:55 Isis sudo: pam_unix(sudo:auth): authentication failure; logname=mimi uid=1000 euid=0 tty=/dev/pts/1 ruser=mimi rhost= user=mimi Jun 7 00:08:11 Isis sudo: mimi : TTY=pts/1 ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/bin/add-apt-repository ppa:colingille/freshlight Jun 7 00:08:11 Isis sudo: pam_unix(sudo:session): session opened for user root by mimi(uid=1000) Jun 7 00:08:32 Isis sudo: pam_unix(sudo:session): session closed for user root Jun 7 00:11:20 Isis sudo: mimi : TTY=pts/1 ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/bin/apt-get install gparted Jun 7 00:11:20 Isis sudo: pam_unix(sudo:session): session opened for user root by mimi(uid=1000) Jun 7 00:11:59 Isis sudo: pam_unix(sudo:session): session closed for user root Jun 7 00:17:02 Isis CRON[2651]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 00:17:02 Isis CRON[2651]: pam_unix(cron:session): session closed for user root Jun 7 00:17:32 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:mimi to gain ONE-SHOT authorization for action com.ubuntu.pkexec.gparted for unix-process:2655:96838 [/bin/sh /usr/bin/gparted-pkexec] (owned by unix-user:mimi) Jun 7 00:17:32 Isis pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Jun 7 00:17:32 Isis pkexec: pam_ck_connector(polkit-1:session): cannot determine display-device Jun 7 00:17:32 Isis pkexec[2657]: mimi: Executing command [USER=root] [TTY=unknown] [CWD=/home/mimi] [COMMAND=/usr/sbin/gparted] Jun 7 00:48:15 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:mimi to gain ONE-SHOT authorization for action com.ubuntu.pkexec.gparted for unix-process:3813:281120 [/bin/sh /usr/bin/gparted-pkexec] (owned by unix-user:mimi) Jun 7 00:48:15 Isis pkexec: pam_unix(polkit-1:session): session opened for user root by (uid=1000) Jun 7 00:48:15 Isis pkexec: pam_ck_connector(polkit-1:session): cannot determine display-device Jun 7 00:48:15 Isis pkexec[3815]: mimi: Executing command [USER=root] [TTY=unknown] [CWD=/home/mimi] [COMMAND=/usr/sbin/gparted] Jun 7 01:17:01 Isis CRON[3960]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 01:17:01 Isis CRON[3960]: pam_unix(cron:session): session closed for user root Jun 7 02:08:52 Isis gnome-screensaver-dialog: gkr-pam: unlocked login keyring Jun 7 02:17:01 Isis CRON[4246]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 02:17:01 Isis CRON[4246]: pam_unix(cron:session): session closed for user root Jun 7 02:17:05 Isis sudo: mimi : TTY=pts/1 ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/bin/apt-get install unetbootin Jun 7 02:17:05 Isis sudo: pam_unix(sudo:session): session opened for user root by mimi(uid=1000) Jun 7 02:17:57 Isis sudo: pam_unix(sudo:session): session closed for user root Jun 7 02:18:59 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 02:18:59 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 02:18:59 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 02:18:59 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 02:18:59 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 02:18:59 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 02:18:59 Isis sudo: mimi : 3 incorrect password attempts ; TTY=unknown ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/bin/unetbootin 'rootcheck=no' Jun 7 02:18:59 Isis sudo: unable to execute /usr/sbin/sendmail: No such file or directory Jun 7 02:19:26 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 02:19:26 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 02:19:26 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 02:19:26 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 02:19:26 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 02:19:26 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 02:19:26 Isis sudo: mimi : 3 incorrect password attempts ; TTY=unknown ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/bin/unetbootin 'rootcheck=no' Jun 7 02:19:26 Isis sudo: unable to execute /usr/sbin/sendmail: No such file or directory Jun 7 02:33:21 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 02:33:21 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 02:33:21 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 02:33:21 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 02:33:21 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 02:33:21 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 02:33:21 Isis sudo: mimi : 3 incorrect password attempts ; TTY=unknown ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/bin/unetbootin 'rootcheck=no' Jun 7 02:33:21 Isis sudo: unable to execute /usr/sbin/sendmail: No such file or directory Jun 7 02:40:04 Isis sudo: mimi : TTY=pts/1 ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/bin/unetbootin rootcheck=no Jun 7 02:40:04 Isis sudo: pam_unix(sudo:session): session opened for user root by mimi(uid=1000) Jun 7 03:17:01 Isis CRON[5506]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 03:17:01 Isis CRON[5506]: pam_unix(cron:session): session closed for user root Jun 7 03:33:24 Isis sudo: pam_unix(sudo:session): session closed for user root Jun 7 03:33:43 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 03:33:43 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 03:33:43 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 03:33:43 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 03:33:43 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 03:33:43 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 03:33:43 Isis sudo: mimi : 3 incorrect password attempts ; TTY=pts/1 ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/bin/unetbootin showall=yes 'rootcheck=no' Jun 7 03:33:43 Isis sudo: unable to execute /usr/sbin/sendmail: No such file or directory Jun 7 04:17:01 Isis CRON[6119]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 04:17:01 Isis CRON[6119]: pam_unix(cron:session): session closed for user root Jun 7 04:18:35 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:mimi to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.79 [/usr/bin/python /usr/bin/landscape-client-ui-install] (owned by unix-user:mimi) Jun 7 04:19:11 Isis groupadd[6702]: group added to /etc/group: name=landscape, GID=127 Jun 7 04:19:11 Isis groupadd[6702]: group added to /etc/gshadow: name=landscape Jun 7 04:19:11 Isis groupadd[6702]: new group: name=landscape, GID=127 Jun 7 04:19:11 Isis useradd[6706]: new user: name=landscape, UID=115, GID=127, home=/var/lib/landscape, shell=/bin/false Jun 7 04:19:12 Isis usermod[6711]: change user 'landscape' password Jun 7 04:19:12 Isis chage[6716]: changed password expiry for landscape Jun 7 04:19:37 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action com.canonical.LandscapeClientSettings.configure for unix-process:6146:1543697 [/usr/bin/python /usr/bin/landscape-client-settings-ui] (owned by unix-user:mimi) Jun 7 04:20:20 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action com.canonical.LandscapeClientSettings.configure for unix-process:6832:1555313 [/usr/bin/python /usr/bin/landscape-client-settings-ui] (owned by unix-user:mimi) Jun 7 04:21:04 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action com.ubuntu.languageselector.setsystemdefaultlanguage for unix-process:6827:1555123 [/usr/bin/python /usr/bin/gnome-language-selector] (owned by unix-user:mimi) Jun 7 04:21:08 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action com.ubuntu.languageselector.setsystemdefaultlanguage for unix-process:6827:1555123 [/usr/bin/python /usr/bin/gnome-language-selector] (owned by unix-user:mimi) Jun 7 04:21:44 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.87 [/usr/bin/python /usr/bin/gnome-language-selector] (owned by unix-user:mimi) Jun 7 04:22:27 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:mimi to gain TEMPORARY authorization for action com.canonical.LandscapeClientSettings.configure for unix-process:7830:1567424 [/usr/bin/python /usr/bin/landscape-client-settings-ui] (owned by unix-user:mimi) Jun 7 04:25:50 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action com.ubuntu.languageselector.setsystemdefaultlanguage for unix-process:7876:1584865 [/usr/bin/python /usr/bin/gnome-language-selector] (owned by unix-user:mimi) Jun 7 04:25:52 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action com.ubuntu.languageselector.setsystemdefaultlanguage for unix-process:7876:1584865 [/usr/bin/python /usr/bin/gnome-language-selector] (owned by unix-user:mimi) Jun 7 05:11:57 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:mimi to gain TEMPORARY authorization for action org.debian.apt.install-or-remove-packages for system-bus-name::1.95 [/usr/bin/python /usr/bin/gnome-language-selector] (owned by unix-user:mimi) Jun 7 05:17:02 Isis CRON[8708]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 05:17:02 Isis CRON[8708]: pam_unix(cron:session): session closed for user root Jun 7 05:28:03 Isis lightdm: pam_unix(lightdm-autologin:session): session opened for user mimi by (uid=0) Jun 7 05:28:03 Isis lightdm: pam_ck_connector(lightdm-autologin:session): nox11 mode, ignoring PAM_TTY :0 Jun 7 05:28:17 Isis polkitd(authority=local): Registered Authentication Agent for unix-session:/org/freedesktop/ConsoleKit/Session1 (system bus name :1.32 [/usr/lib/policykit-1-gnome/polkit-gnome-authentication-agent-1], object path /org/gnome/PolicyKit1/AuthenticationAgent, locale en_US.UTF-8) Jun 7 05:28:32 Isis dbus[660]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.44" (uid=1000 pid=1736 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.17" (uid=0 pid=1333 comm="/usr/sbin/console-kit-daemon --no-daemon ") Jun 7 06:17:01 Isis CRON[2391]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 06:17:02 Isis CRON[2391]: pam_unix(cron:session): session closed for user root Jun 7 06:25:02 Isis CRON[2492]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 06:25:02 Isis CRON[2492]: pam_unix(cron:session): session closed for user root Jun 7 07:17:01 Isis CRON[3174]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 07:17:01 Isis CRON[3174]: pam_unix(cron:session): session closed for user root Jun 7 07:30:01 Isis CRON[3397]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 07:30:01 Isis CRON[3397]: pam_unix(cron:session): session closed for user root Jun 7 08:09:01 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 08:09:01 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 08:09:01 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 08:09:01 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 08:09:01 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 08:09:01 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 08:09:01 Isis sudo: mimi : 3 incorrect password attempts ; TTY=unknown ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/share/checkbox/backend --path=/usr/share/checkbox/scripts:/usr/lib/lightdm/lightdm:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games /tmp/checkboxQbuE6V/input /tmp/checkboxQbuE6V/output Jun 7 08:09:01 Isis sudo: unable to execute /usr/sbin/sendmail: No such file or directory Jun 7 08:09:59 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 08:09:59 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 08:09:59 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 08:09:59 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 08:09:59 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 08:09:59 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 08:09:59 Isis sudo: mimi : 3 incorrect password attempts ; TTY=unknown ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/share/checkbox/backend --path=/usr/share/checkbox/scripts:/usr/lib/lightdm/lightdm:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games /tmp/checkboxQbuE6V/input /tmp/checkboxQbuE6V/output Jun 7 08:09:59 Isis sudo: unable to execute /usr/sbin/sendmail: No such file or directory Jun 7 08:10:55 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 08:10:55 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 08:10:55 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 08:10:55 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 08:10:55 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 08:10:55 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 08:10:55 Isis sudo: mimi : 3 incorrect password attempts ; TTY=unknown ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/share/checkbox/backend --path=/usr/share/checkbox/scripts:/usr/lib/lightdm/lightdm:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games /tmp/checkboxQbuE6V/input /tmp/checkboxQbuE6V/output Jun 7 08:10:55 Isis sudo: unable to execute /usr/sbin/sendmail: No such file or directory Jun 7 08:17:01 Isis CRON[4215]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 08:17:01 Isis CRON[4215]: pam_unix(cron:session): session closed for user root Jun 7 09:17:02 Isis CRON[4766]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 09:17:02 Isis CRON[4766]: pam_unix(cron:session): session closed for user root Jun 7 10:17:02 Isis CRON[5046]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 10:17:02 Isis CRON[5046]: pam_unix(cron:session): session closed for user root Jun 7 11:17:02 Isis CRON[5325]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 11:17:02 Isis CRON[5325]: pam_unix(cron:session): session closed for user root Jun 7 12:17:01 Isis CRON[5617]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 12:17:01 Isis CRON[5617]: pam_unix(cron:session): session closed for user root Jun 7 13:07:51 Isis gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): authentication failure; logname= uid=1000 euid=1000 tty=:0.0 ruser= rhost= user=mimi Jun 7 13:07:51 Isis gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): getting password (0x00000388) Jun 7 13:07:51 Isis gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): pam_get_item returned a password Jun 7 13:07:51 Isis gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): request wbcLogonUser failed: WBC_ERR_AUTH_ERROR, PAM error: PAM_USER_UNKNOWN (10), NTSTATUS: NT_STATUS_NO_SUCH_USER, Error message was: No such user Jun 7 13:08:03 Isis gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): conversation failed Jun 7 13:08:03 Isis gnome-screensaver-dialog: pam_unix(gnome-screensaver:auth): auth could not identify password for [mimi] Jun 7 13:08:03 Isis gnome-screensaver-dialog: pam_winbind(gnome-screensaver:auth): getting password (0x00000388) Jun 7 13:08:08 Isis lightdm: pam_unix(lightdm:session): session opened for user lightdm by (uid=0) Jun 7 13:08:08 Isis lightdm: pam_ck_connector(lightdm:session): nox11 mode, ignoring PAM_TTY :1 Jun 7 13:08:13 Isis lightdm: pam_succeed_if(lightdm:auth): requirement "user ingroup nopasswdlogin" not met by user "mimi" Jun 7 13:08:16 Isis dbus[660]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.91" (uid=104 pid=5961 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.17" (uid=0 pid=1333 comm="/usr/sbin/console-kit-daemon --no-daemon ") Jun 7 13:08:18 Isis dbus[660]: [system] Rejected send message, 2 matched rules; type="method_call", sender=":1.98" (uid=104 pid=5999 comm="/usr/lib/indicator-datetime/indicator-datetime-ser") interface="org.freedesktop.DBus.Properties" member="GetAll" error name="(unset)" requested_reply="0" destination=":1.17" (uid=0 pid=1333 comm="/usr/sbin/console-kit-daemon --no-daemon ") Jun 7 13:10:15 Isis lightdm: pam_unix(lightdm:session): session closed for user lightdm Jun 7 13:17:02 Isis CRON[6181]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 13:17:02 Isis CRON[6181]: pam_unix(cron:session): session closed for user root Jun 7 13:55:14 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 13:55:14 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 13:55:14 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 13:55:14 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 13:55:14 Isis sudo: pam_unix(sudo:auth): conversation failed Jun 7 13:55:14 Isis sudo: pam_unix(sudo:auth): auth could not identify password for [mimi] Jun 7 13:55:14 Isis sudo: mimi : 3 incorrect password attempts ; TTY=unknown ; PWD=/home/mimi ; USER=root ; COMMAND=/usr/bin/unetbootin 'rootcheck=no' Jun 7 13:55:14 Isis sudo: unable to execute /usr/sbin/sendmail: No such file or directory Jun 7 14:02:33 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action com.canonical.LandscapeClientSettings.configure for unix-process:6736:3087856 [/usr/bin/python /usr/bin/landscape-client-settings-ui] (owned by unix-user:mimi) Jun 7 14:02:51 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 FAILED to authenticate to gain authorization for action com.canonical.LandscapeClientSettings.configure for unix-process:6752:3089992 [/usr/bin/python /usr/bin/landscape-client-settings-ui] (owned by unix-user:mimi) Jun 7 14:03:14 Isis polkitd(authority=local): Operator of unix-session:/org/freedesktop/ConsoleKit/Session1 successfully authenticated as unix-user:mimi to gain TEMPORARY authorization for action com.canonical.LandscapeClientSettings.configure for unix-process:6763:3092515 [/usr/bin/python /usr/bin/landscape-client-settings-ui] (owned by unix-user:mimi) Jun 7 14:17:01 Isis CRON[6933]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 14:17:01 Isis CRON[6933]: pam_unix(cron:session): session closed for user root Jun 7 15:17:02 Isis CRON[7611]: pam_unix(cron:session): session opened for user root by (uid=0) Jun 7 15:17:02 Isis CRON[7611]: pam_unix(cron:session): session closed for user root

Read the article
django: failing tests from django.contrib.auth

- by gruszczy

When I run my django test I get following errors, that are outside of my test suite: ====================================================================== ERROR: test_known_user (django.contrib.auth.tests.remote_user.RemoteUserCustomTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 160, in test_known_user super(RemoteUserCustomTest, self).test_known_user() File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 67, in test_known_user self.assertEqual(response.context['user'].username, 'knownuser') TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_last_login (django.contrib.auth.tests.remote_user.RemoteUserCustomTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 87, in test_last_login self.assertNotEqual(default_login, response.context['user'].last_login) TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_no_remote_user (django.contrib.auth.tests.remote_user.RemoteUserCustomTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 33, in test_no_remote_user self.assert_(isinstance(response.context['user'], AnonymousUser)) TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_unknown_user (django.contrib.auth.tests.remote_user.RemoteUserCustomTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 168, in test_unknown_user super(RemoteUserCustomTest, self).test_unknown_user() File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 51, in test_unknown_user self.assertEqual(response.context['user'].username, 'newuser') TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_known_user (django.contrib.auth.tests.remote_user.RemoteUserNoCreateTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 67, in test_known_user self.assertEqual(response.context['user'].username, 'knownuser') TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_last_login (django.contrib.auth.tests.remote_user.RemoteUserNoCreateTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 87, in test_last_login self.assertNotEqual(default_login, response.context['user'].last_login) TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_no_remote_user (django.contrib.auth.tests.remote_user.RemoteUserNoCreateTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 33, in test_no_remote_user self.assert_(isinstance(response.context['user'], AnonymousUser)) TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_unknown_user (django.contrib.auth.tests.remote_user.RemoteUserNoCreateTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 118, in test_unknown_user self.assert_(isinstance(response.context['user'], AnonymousUser)) TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_known_user (django.contrib.auth.tests.remote_user.RemoteUserTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 67, in test_known_user self.assertEqual(response.context['user'].username, 'knownuser') TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_last_login (django.contrib.auth.tests.remote_user.RemoteUserTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 87, in test_last_login self.assertNotEqual(default_login, response.context['user'].last_login) TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_no_remote_user (django.contrib.auth.tests.remote_user.RemoteUserTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 33, in test_no_remote_user self.assert_(isinstance(response.context['user'], AnonymousUser)) TypeError: 'NoneType' object is unsubscriptable ====================================================================== ERROR: test_unknown_user (django.contrib.auth.tests.remote_user.RemoteUserTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/remote_user.py", line 51, in test_unknown_user self.assertEqual(response.context['user'].username, 'newuser') TypeError: 'NoneType' object is unsubscriptable ====================================================================== FAIL: test_current_site_in_context_after_login (django.contrib.auth.tests.views.LoginTest) ---------------------------------------------------------------------- Traceback (most recent call last): File "/usr/lib/pymodules/python2.6/django/contrib/auth/tests/views.py", line 190, in test_current_site_in_context_after_login self.assertEquals(response.status_code, 200) AssertionError: 302 != 200 Could anyone explain me, what am I doing wrong or what I should set to get those tests pass?

Read the article
API Auth vs User Auth

- by user1626384

I have read many posts and articles on this topic but still cant connect the dots. I want to make a Rails app that is strictly a JSON API maybe using Sinatra or the rails-api gem. I also want to make both a web client app and an iPhone app which consumes the API. No plans on letting third party dev's use it. So I could create a separate username/password combination for both the web and mobile client and use HTTP Basic over SSL. Each app would have these values as configs in the source and use it to authenticate to the API so only these can make a call. Anyone else trying would get a 401 error returned. This would be considered handling the API authentication. The web and mobile client apps allow end users to sign up and read/write data to the API. When each user is created, I create and save a token in their profile. If a user successfully signs in, I send back the token. On each future read/write then also send along this token in the header. I get the token and lookup the user in the database and make the read/write. Does this sound like an appropriate way to handle it. For the web client, when I initially send back the token, where do I store it. In a cookie? Do I also drop a cookie to handle session state?

Read the article
Token based Authentication for WCF HTTP/REST Services: Authentication

- by Your DisplayName here!

This post shows some of the implementation techniques for adding token and claims based security to HTTP/REST services written with WCF. For the theoretical background, see my previous post. Disclaimer The framework I am using/building here is not the only possible approach to tackle the problem. Based on customer feedback and requirements the code has gone through several iterations to a point where we think it is ready to handle most of the situations. Goals and requirements The framework should be able to handle typical scenarios like username/password based authentication, as well as token based authentication The framework should allow adding new supported token types Should work with WCF web programming model either self-host or IIS hosted Service code can rely on an IClaimsPrincipal on Thread.CurrentPrincipal that describes the client using claims-based identity Implementation overview In WCF the main extensibility point for this kind of security work is the ServiceAuthorizationManager. It gets invoked early enough in the pipeline, has access to the HTTP protocol details of the incoming request and can set Thread.CurrentPrincipal. The job of the SAM is simple: Check the Authorization header of the incoming HTTP request Check if a “registered” token (more on that later) is present If yes, validate the token using a security token handler, create the claims principal (including claims transformation) and set Thread.CurrentPrincipal If no, set an anonymous principal on Thread.CurrentPrincipal. By default, anonymous principals are denied access – so the request ends here with a 401 (more on that later). To wire up the custom authorization manager you need a custom service host – which in turn needs a custom service host factory. The full object model looks like this: Token handling A nice piece of existing WIF infrastructure are security token handlers. Their job is to serialize a received security token into a CLR representation, validate the token and turn the token into claims. The way this works with WS-Security based services is that WIF passes the name/namespace of the incoming token to WIF’s security token handler collection. This in turn finds out which token handler can deal with the token and returns the right instances. For HTTP based services we can do something very similar. The scheme on the Authorization header gives the service a hint how to deal with an incoming token. So the only missing link is a way to associate a token handler (or multiple token handlers) with a scheme and we are (almost) done. WIF already includes token handler for a variety of tokens like username/password or SAML 1.1/2.0. The accompanying sample has a implementation for a Simple Web Token (SWT) token handler, and as soon as JSON Web Token are ready, simply adding a corresponding token handler will add support for this token type, too. All supported schemes/token types are organized in a WebSecurityTokenHandlerCollectionManager and passed into the host factory/host/authorization manager. Adding support for basic authentication against a membership provider would e.g. look like this (in global.asax): var manager = new WebSecurityTokenHandlerCollectionManager(); manager.AddBasicAuthenticationHandler((username, password) => Membership.ValidateUser(username, password)); Adding support for Simple Web Tokens with a scheme of Bearer (the current OAuth2 scheme) requires passing in a issuer, audience and signature verification key: manager.AddSimpleWebTokenHandler( "Bearer", "http://identityserver.thinktecture.com/trust/initial", "https://roadie/webservicesecurity/rest/", "WFD7i8XRHsrUPEdwSisdHoHy08W3lM16Bk6SCT8ht6A="); In some situations, SAML token may be used as well. The following configures SAML support for a token coming from ADFS2: var registry = new ConfigurationBasedIssuerNameRegistry(); registry.AddTrustedIssuer( "d1 c5 b1 25 97 d0 36 94 65 1c e2 64 fe 48 06 01 35 f7 bd db", "ADFS"); var adfsConfig = new SecurityTokenHandlerConfiguration(); adfsConfig.AudienceRestriction.AllowedAudienceUris.Add( new Uri("https://roadie/webservicesecurity/rest/")); adfsConfig.IssuerNameRegistry = registry; adfsConfig.CertificateValidator = X509CertificateValidator.None; // token decryption (read from config) adfsConfig.ServiceTokenResolver = IdentityModelConfiguration.ServiceConfiguration.CreateAggregateTokenResolver(); manager.AddSaml11SecurityTokenHandler("SAML", adfsConfig); Transformation The custom authorization manager will also try to invoke a configured claims authentication manager. This means that the standard WIF claims transformation logic can be used here as well. And even better, can be also shared with e.g. a “surrounding” web application. Error handling A WCF error handler takes care of turning “access denied” faults into 401 status codes and a message inspector adds the registered authentication schemes to the outgoing WWW-Authenticate header when a 401 occurs. The next post will conclude with authorization as well as the source code download. (Wanna learn more about federation, WIF, claims, tokens etc.? Click here.)

Read the article
Why does my token return NULL and how can I fix it?(c++)

- by Van

I've created a program to get a string input from a user and parse it into tokens and move a robot according to the input. The program is supposed to recognize these inputs(where x is an integer): "forward x" "back x" "turn left x" "turn right x" and "stop". The program does what it's supposed to for all commands except for "stop". When I type "stop" the program prints out "whats happening?" because I've written a line which states: if(token == NULL) { cout << "whats happening?" << endl; } Why does token get NULL, and how can I fix this so it will read "stop" properly? here is the code: bool stopper = 0; void Navigator::manualDrive() { VideoStream video(&myRobot, 0);//allows user to see what robot sees video.startStream(); const int bufSize = 42; char uinput[bufSize]; char delim[] = " "; char *token; while(stopper == 0) { cout << "Enter your directions below: " << endl; cin.getline(uinput,bufSize); Navigator::parseInstruction(uinput); } } /* parseInstruction(char *c) -- parses cstring instructions received * and moves robot accordingly */ void Navigator::parseInstruction(char * uinput) { char delim[] = " "; char *token; // cout << "Enter your directions below: " << endl; // cin.getline (uinput, bufSize); token=strtok(uinput, delim); if(token == NULL) { cout << "whats happening?" << endl; } if(strcmp("forward", token) == 0) { int inches; token = strtok(NULL, delim); inches = atoi (token); double value = fabs(0.0735 * fabs(inches) - 0.0550); myRobot.forward(1, value); } else if(strcmp("back",token) == 0) { int inches; token = strtok(NULL, delim); inches = atoi (token); double value = fabs(0.0735 * fabs(inches) - 0.0550); myRobot.backward(1/*speed*/, value/*time*/); } else if(strcmp("turn",token) == 0) { int degrees; token = strtok(NULL, delim); if(strcmp("left",token) == 0) { token = strtok(uinput, delim); degrees = atoi (token); double value = fabs(0.00467 * degrees - 0.04); myRobot.turnLeft(1/*speed*/, value/*time*/); } else if(strcmp("right",token) == 0) { token = strtok(uinput, delim); degrees = atoi (token); double value = fabs(0.00467 * degrees - 0.04); myRobot.turnRight(1/*speed*/, value/*time*/); } } else if(strcmp("stop",token) == 0) { stopper = 1; } else { std::cerr << "Unknown command '" << token << "'\n"; } } /* autoDrive() -- reads in file from ifstream, parses * and moves robot according to instructions in file */ void Navigator::autoDrive(string filename) { const int bufSize = 42; char fLine[bufSize]; ifstream infile; infile.open("autodrive.txt", fstream::in); while (!infile.eof()) { infile.getline(fLine, bufSize); Navigator::parseInstruction(fLine); } infile.close(); } I need this to break out of the while loop and end manualDrive because in my driver program the next function called is autoDrive.

Read the article
Kohana3 - Auth Module deleting User while he is logged in bug

- by ahmet2106

Hello Stackoverflow Users, Today I've tested the Kohana3, which has been changed a lot. I'm working so much with the Auth Module, and need this in my new Project also. Now I found a Bug, I think it is a bug, what can I do? Problem: After I'm deleting a user from the Database, who is at this Moment logged_in() in my Website, and he is refreshing the page, he will be logged_in() as the first user out of the PRAEFIX_users Table. Even if he is deleted. And 99% this is an Administrator. My function which is checking and redirecting if he is not logged_in(): if(!Auth::instance()->logged_in()) { $this->request->redirect( 'login' ); } How can i change my Check Login so, that if he is deleted, he will be redirected to login (/login/) ? Here the same Thread at Kohana Forums, but I hope and think, stackoverflow is a litte bit faster :)

Read the article
Openvpn plugin openvpn-auth-ldap does not bind to Active Directory

- by Selivanov Pavel

I'm trying to configure OpenVPN with openvpn-auth-ldap plugin to authorize users via Active Directory LDAP. When I use the same server config without plugin option, and add client config with generated client key and cert, connection is successful, so problem is in the plugin. server.conf: plugin /usr/lib/openvpn/openvpn-auth-ldap.so "/etc/openvpn-test/openvpn-auth-ldap.conf" port 1194 proto tcp dev tun keepalive 10 60 topology subnet server 10.0.2.0 255.255.255.0 tls-server ca ca.crt dh dh1024.pem cert server.crt key server.key #crl-verify crl.pem persist-key persist-tun user nobody group nogroup verb 3 mute 20 openvpn-auth-ldap.conf: <LDAP> URL ldap://dc1.domain:389 TLSEnable no BindDN cn=bot_auth,cn=Users,dc=domain Password bot_auth Timeout 15 FollowReferrals yes </LDAP> <Authorization> BaseDN "cn=Users,dc=domain" SearchFilter "(sAMAccountName=%u)" RequireGroup false # <Group> # BaseDN "ou=groups,dc=mycompany,dc=local" # SearchFilter "(|(cn=developers)(cn=artists))" # MemberAttribute uniqueMember # </Group> </Authorization> Top-level domain in AD is used by historical reasons. Analogue configuration is working for Apache 2.2 in mod-authzn-ldap. User and password are correct. client.conf: remote server_name port 1194 proto tcp client pull remote-cert-tls server dev tun resolv-retry infinite nobind ca ca.crt ; with keys - works fine #cert test.crt #key test.key ; without keys - by password auth-user-pass persist-tun verb 3 mute 20 In server log there is string PLUGIN_INIT: POST /usr/lib/openvpn/openvpn-auth-ldap.so '[/usr/lib/openvpn/openvpn-auth-ldap.so] [/etc/openvpn-test/openvpn-auth-ldap.conf]' which indicates, that plugin failed. I can telnet to dc1.domain:389, so this is not network/firewall problem. Later server says TLS Error: TLS object -> incoming plaintext read error TLS handshake failed - without plugin it tryes to do usal key authentification. server log: Tue Nov 22 03:06:20 2011 OpenVPN 2.1.3 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 21 2010 Tue Nov 22 03:06:20 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue Nov 22 03:06:20 2011 PLUGIN_INIT: POST /usr/lib/openvpn/openvpn-auth-ldap.so '[/usr/lib/openvpn/openvpn-auth-ldap.so] [/etc/openvpn-test/openvpn-auth-ldap.conf]' intercepted=PLUGIN_AUTH_USER_PASS_VERIFY|PLUGIN_CLIENT_CONNECT|PLUGIN_CLIENT_DISCONNECT Tue Nov 22 03:06:20 2011 Diffie-Hellman initialized with 1024 bit key Tue Nov 22 03:06:20 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted> Tue Nov 22 03:06:20 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Tue Nov 22 03:06:20 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Nov 22 03:06:20 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Nov 22 03:06:20 2011 TLS-Auth MTU parms [ L:1543 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Nov 22 03:06:20 2011 Socket Buffers: R=[87380->131072] S=[16384->131072] Tue Nov 22 03:06:20 2011 TUN/TAP device tun1 opened Tue Nov 22 03:06:20 2011 TUN/TAP TX queue length set to 100 Tue Nov 22 03:06:20 2011 /sbin/ifconfig tun1 10.0.2.1 netmask 255.255.255.0 mtu 1500 broadcast 10.0.2.255 Tue Nov 22 03:06:20 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ] Tue Nov 22 03:06:20 2011 GID set to nogroup Tue Nov 22 03:06:20 2011 UID set to nobody Tue Nov 22 03:06:20 2011 Listening for incoming TCP connection on [undef] Tue Nov 22 03:06:20 2011 TCPv4_SERVER link local (bound): [undef] Tue Nov 22 03:06:20 2011 TCPv4_SERVER link remote: [undef] Tue Nov 22 03:06:20 2011 MULTI: multi_init called, r=256 v=256 Tue Nov 22 03:06:20 2011 IFCONFIG POOL: base=10.0.2.2 size=252 Tue Nov 22 03:06:20 2011 MULTI: TCP INIT maxclients=1024 maxevents=1028 Tue Nov 22 03:06:20 2011 Initialization Sequence Completed Tue Nov 22 03:07:10 2011 MULTI: multi_create_instance called Tue Nov 22 03:07:10 2011 Re-using SSL/TLS context Tue Nov 22 03:07:10 2011 Control Channel MTU parms [ L:1543 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Nov 22 03:07:10 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ] Tue Nov 22 03:07:10 2011 Local Options hash (VER=V4): 'c413e92e' Tue Nov 22 03:07:10 2011 Expected Remote Options hash (VER=V4): 'd8421bb0' Tue Nov 22 03:07:10 2011 TCP connection established with [AF_INET]10.0.0.9:47808 Tue Nov 22 03:07:10 2011 TCPv4_SERVER link local: [undef] Tue Nov 22 03:07:10 2011 TCPv4_SERVER link remote: [AF_INET]10.0.0.9:47808 Tue Nov 22 03:07:11 2011 10.0.0.9:47808 TLS: Initial packet from [AF_INET]10.0.0.9:47808, sid=a2cd4052 84b47108 Tue Nov 22 03:07:11 2011 10.0.0.9:47808 TLS_ERROR: BIO read tls_read_plaintext error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate Tue Nov 22 03:07:11 2011 10.0.0.9:47808 TLS Error: TLS object -> incoming plaintext read error Tue Nov 22 03:07:11 2011 10.0.0.9:47808 TLS Error: TLS handshake failed Tue Nov 22 03:07:11 2011 10.0.0.9:47808 Fatal TLS error (check_tls_errors_co), restarting Tue Nov 22 03:07:11 2011 10.0.0.9:47808 SIGUSR1[soft,tls-error] received, client-instance restarting Tue Nov 22 03:07:11 2011 TCP/UDP: Closing socket client log: Tue Nov 22 03:06:18 2011 OpenVPN 2.1.3 x86_64-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] [MH] [PF_INET6] [eurephia] built on Oct 22 2010 Enter Auth Username:user Enter Auth Password: Tue Nov 22 03:06:25 2011 NOTE: OpenVPN 2.1 requires '--script-security 2' or higher to call user-defined scripts or executables Tue Nov 22 03:06:25 2011 Control Channel Authentication: using 'ta.key' as a OpenVPN static key file Tue Nov 22 03:06:25 2011 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Nov 22 03:06:25 2011 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication Tue Nov 22 03:06:25 2011 Control Channel MTU parms [ L:1543 D:168 EF:68 EB:0 ET:0 EL:0 ] Tue Nov 22 03:06:25 2011 Socket Buffers: R=[87380->131072] S=[16384->131072] Tue Nov 22 03:06:25 2011 Data Channel MTU parms [ L:1543 D:1450 EF:43 EB:4 ET:0 EL:0 ] Tue Nov 22 03:06:25 2011 Local Options hash (VER=V4): 'd8421bb0' Tue Nov 22 03:06:25 2011 Expected Remote Options hash (VER=V4): 'c413e92e' Tue Nov 22 03:06:25 2011 Attempting to establish TCP connection with [AF_INET]10.0.0.2:1194 [nonblock] Tue Nov 22 03:06:26 2011 TCP connection established with [AF_INET]10.0.0.2:1194 Tue Nov 22 03:06:26 2011 TCPv4_CLIENT link local: [undef] Tue Nov 22 03:06:26 2011 TCPv4_CLIENT link remote: [AF_INET]10.0.0.2:1194 Tue Nov 22 03:06:26 2011 TLS: Initial packet from [AF_INET]10.0.0.2:1194, sid=7a3c2a0f bd35bca7 Tue Nov 22 03:06:26 2011 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this Tue Nov 22 03:06:26 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=Fort-Funston_CA/[email protected] Tue Nov 22 03:06:26 2011 Validating certificate key usage Tue Nov 22 03:06:26 2011 ++ Certificate has key usage 00a0, expects 00a0 Tue Nov 22 03:06:26 2011 VERIFY KU OK Tue Nov 22 03:06:26 2011 Validating certificate extended key usage Tue Nov 22 03:06:26 2011 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication Tue Nov 22 03:06:26 2011 VERIFY EKU OK Tue Nov 22 03:06:26 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/[email protected] Tue Nov 22 03:06:26 2011 Connection reset, restarting [0] Tue Nov 22 03:06:26 2011 TCP/UDP: Closing socket Tue Nov 22 03:06:26 2011 SIGUSR1[soft,connection-reset] received, process restarting Tue Nov 22 03:06:26 2011 Restart pause, 5 second(s) ^CTue Nov 22 03:06:27 2011 SIGINT[hard,init_instance] received, process exiting Does anybody know how to get openvpn-auth-ldap wirking?

Read the article
iOS Facebook Access Token To Get User Wall Feed (status)

- by Felix

[DISCLAIMER : None of the access token or ID below here are real] I've done research for three solid days and no result on how to get user wall feed(post). I have used https://graph.facebook.com/oauth/access_token?client_id=YOUR_APP_ID&client_secret=YOUR_APP_SECRET&grant_type=client_credentials and get the access token which is something like this access_token=454345994651138|bAMGfuW-ueNXGCahley7ga125HN and then https://graph.facebook.com/100005939123542/feed?access_token=454345994651138|bAMGfuW-ueNXGCahley7ga125HN It gives me general information such as user's likes, name, id, current city... but NOT user's wall posts. I've learned that there are three types of access token, which is App Token, User Token, and Page Token. In order to get user/feed by using graphAPI, I need to request to get User Token, but there's NO information in the lousy Facebook Doc! (Which frustrated me the most!) In order to generate the user access token, we need to set some permission, generate the access token, and GET the user's wall feed, which is in JSON format. My question is : How do I get the User Access Token in order to get user wall post in iOS Xcode?

Read the article
Dovecot Virtual Users Not Authenticating

- by blankabout

We have a standard Postfix/Dovecot installation working perfectly with real users but cannot work out how to add virtual users, all virtual user login attempts fail with authentication errors. Following are snippets from the configuration files: /etc/postfix/main.cf: virtual_mailbox_domains = virtualexample.com virtual_mailbox_base = /var/spool/vhosts virtual_mailbox_recipients = hash:/etc/postfix/virtual_mailbox_recipients /etc/dovecot/dovecot.conf: !include conf.d/*.conf /etc/dovecot/conf.d/10-auth.conf auth_mechanisms = cram-md5 digest-md5 plain passdb { driver = passwd-file # Path for passwd-file. Also set the default password scheme. args = scheme=cram-md5 /etc/cram-md5.pwd } /etc/cram-md5.pwd [email protected]{MD5}$1$uIMvzy92$9Xt67B/qw4u6txkkxzne80 This is a snippet from the log when a login attempt is made: auth: Debug: Loading modules from directory: /usr/lib64/dovecot/auth auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libauthdb_ldap.so auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libdriver_sqlite.so auth: Debug: Module loaded: /usr/lib64/dovecot/auth/libmech_gssapi.so auth: Debug: passwd-file /etc/cram-md5.pwd: Read 1 users auth: Debug: auth client connected (pid=21990) auth: Debug: client in: AUTH#0111#011CRAM-MD5#011service=imap#011lip=1.1.1.1#011rip=2.2.2.2#011lport=143#011rport=51774 auth: Debug: client out: CONT#0111#011PDI1Njc0NjQ1NzQ3MTY0NTkuMTM0MTIxNzkwN0BncDM+ auth: Debug: client in: CONT auth: Debug: passwd-file([email protected],2.2.2.2): lookup: [email protected] file=/etc/cram-md5.pwd auth: Debug: client out: OK#0111#[email protected] auth: Debug: master in: REQUEST#0111630404609#01121990#0111#011b66b5f46b520a08e1d19d3d249be7073 auth: Debug: passwd([email protected],2.2.2.2): lookup auth: passwd([email protected],2.2.2.2): unknown user auth: Error: userdb([email protected],2.2.2.2): user not found from userdb passwd auth: Debug: master out: NOTFOUND#0111630404609 imap: Error: Authenticated user not found from userdb, auth lookup id=1630404609 (client-pid=21990 client-id=1) imap-login: Internal login failure (pid=21990 id=1) (auth failed, 1 attempts): user=, method=CRAM-MD5, rip=2.2.2.2, lip=1.1.1.1, mpid=21993 auth: Debug: auth client connected (pid=22010) auth: Debug: client in: AUTH#0111#011CRAM-MD5#011service=imap#011lip=1.1.1.1#011rip=2.2.2.2#011lport=143#011rport=51775 auth: Debug: client out: CONT#0111#011PDcxMDkwNDY1NTQzODUzMDkuMTM0MTIxNzkyOEBncDM+ auth: Debug: client in: CONT auth: Debug: passwd-file([email protected],2.2.2.2): lookup: [email protected] file=/etc/cram-md5.pwd auth: Debug: client out: OK#0111#[email protected] auth: Debug: master in: REQUEST#011343539713#01122010#0111#011e47b1345784e2845d59e794afa9a6bbe auth: Debug: passwd([email protected],2.2.2.2): lookup auth: passwd([email protected],2.2.2.2): unknown user auth: Error: userdb([email protected],2.2.2.2): user not found from userdb passwd auth: Debug: master out: NOTFOUND#011343539713 imap: Error: Authenticated user not found from userdb, auth lookup id=343539713 (client-pid=22010 client-id=1) imap-login: Internal login failure (pid=22010 id=1) (auth failed, 1 attempts): user=, method=CRAM-MD5, rip=2.2.2.2, lip=1.1.1.1, mpid=22011 It would appear that the user lookup is not working, even tho' the log suggests that Dovecot is using the /etc/cram-md5.pwd file and the user is configured in that same file. There are of course dozens of examples of using virtual users with Dovecot, but all the ones we have found either refer to Dovecot 1.x (we are using 2.x), using only virtual users (we must use real AND virtual users) or want to use a MySQL db, we need to use a text file. Some hints about where we are going wrong would be very much appreciated.

Read the article
Postfix SMTP auth not working with virtual mailboxes + SASL + Courier userdb

- by Greg K

So I've read a variety of tutorials and how-to's and I'm struggling to make sense of how to get SMTP auth working with virtual mailboxes in Postfix. I used this Ubuntu tutorial to get set up. I'm using Courier-IMAP and POP3 for reading mail which seems to be working without issue. However, the credentials used to read a mailbox are not working for SMTP. I can see from /var/log/auth.log that PAM is being used, does this require a UNIX user account to work? As I'm using virtual mailboxes to avoid creating user accounts. li305-246 saslauthd[22856]: DEBUG: auth_pam: pam_authenticate failed: Authentication failure li305-246 saslauthd[22856]: do_auth : auth failure: [user=fred] [service=smtp] [realm=] [mech=pam] [reason=PAM auth error] /var/log/mail.log li305-246 postfix/smtpd[27091]: setting up TLS connection from mail-pb0-f43.google.com[209.85.160.43] li305-246 postfix/smtpd[27091]: Anonymous TLS connection established from mail-pb0-f43.google.com[209.85.160.43]: TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits) li305-246 postfix/smtpd[27091]: warning: SASL authentication failure: Password verification failed li305-246 postfix/smtpd[27091]: warning: mail-pb0-f43.google.com[209.85.160.43]: SASL PLAIN authentication failed: authentication failure I've created accounts in userdb as per this tutorial. Does Postfix also use authuserdb? What debug information is needed to help diagnose my issue? main.cf: # TLS parameters smtpd_tls_cert_file = /etc/ssl/certs/smtpd.crt smtpd_tls_key_file = /etc/ssl/private/smtpd.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache # SMTP parameters smtpd_sasl_local_domain = smtpd_sasl_auth_enable = yes smtpd_sasl_security_options = noanonymous broken_sasl_auth_clients = yes smtpd_recipient_restrictions = permit_sasl_authenticated,permit_mynetworks,reject_unauth_destination smtp_tls_security_level = may smtpd_tls_security_level = may smtpd_tls_auth_only = no smtp_tls_note_starttls_offer = yes smtpd_tls_CAfile = /etc/ssl/certs/cacert.pem smtpd_tls_loglevel = 1 smtpd_tls_received_header = yes smtpd_tls_session_cache_timeout = 3600s tls_random_source = dev:/dev/urandom /etc/postfix/sasl/smtpd.conf pwcheck_method: saslauthd mech_list: plain login /etc/default/saslauthd START=yes PWDIR="/var/spool/postfix/var/run/saslauthd" PARAMS="-m ${PWDIR}" PIDFILE="${PWDIR}/saslauthd.pid" DESC="SASL Authentication Daemon" NAME="saslauthd" MECHANISMS="pam" MECH_OPTIONS="" THREADS=5 OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd" /etc/courier/authdaemonrc authmodulelist="authuserdb" I've only modified one line in authdaemonrc and restarted the service as per this tutorial. I've added accounts to /etc/courier/userdb via userdb and userdbpw and run makeuserdb as per the tutorial. SOLVED Thanks to Jenny D for suggesting use of rimap to auth against localhost IMAP server (which reads userdb credentials). I updated /etc/default/saslauthd to start saslauthd correctly (this page was useful) MECHANISMS="rimap" MECH_OPTIONS="localhost" THREADS=0 OPTIONS="-c -m /var/spool/postfix/var/run/saslauthd -r" After doing this I got the following error in /var/log/auth.log: li305-246 saslauthd[28093]: auth_rimap: unexpected response to auth request: * BYE [ALERT] Fatal error: Account's mailbox directory is not owned by the correct uid or gid: li305-246 saslauthd[28093]: do_auth : auth failure: [user=fred] [service=smtp] [realm=] [mech=rimap] [reason=[ALERT] Unexpected response from remote authentication server] This blog post detailed a solution by setting IMAP_MAILBOX_SANITY_CHECK=0 in /etc/courier/imapd. Then restart your courier and saslauthd daemons for config changes to take effect. sudo /etc/init.d/courier-imap restart sudo /etc/init.d/courier-authdaemon restart sudo /etc/init.d/saslauthd restart Watch /var/log/auth.log while trying to send email. Hopefully you're good!

Read the article
Windows Identity Foundation: How to get new security token in ASP.net

- by Rising Star

I'm writing an ASP.net application that uses Windows Identity Foundation. My ASP.net application uses claims-based authentication with passive redirection to a security token service. This means that when a user accesses the application, they are automatically redirected to the Security Token Service where they receive a security token which identifies them to the application. In ASP.net, security tokens are stored as cookies. I want to have something the user can click on in my application that will delete the cookie and redirect them to the Security Token Service to get a new token. In short, make it easy to log out and log in as another user. I try to delete the token-containing cookie in code, but it persists somehow. How do I remove the token so that the user can log in again and get a new token?

Read the article
Lock down a site using Forms Auth in IIS7 with Windows Auth

- by Josh

I have an ASP.NET MVC 1.0 application that uses Forms Authentication. We are using Windows Server 2008. I need to lock down the site so that only certain users (in AD Groups) can access the site. Unfortunately, though, when I set the site to not allow anon users and use windows authentication, due to the integration of the site and IIS, it shows the user as signed in as their domain account, instead of allowing them to sign in through Forms Auth. So, I need a mixed mode authentication. I need the site to be only accessible through windows auth, without anon users, but once you are in, it needs to use forms auth only. How would I go about doing this the right way?

Read the article
Lock down a site using Forms Auth in IIS7 with Windows Auth

- by justjoshingyou

I have an ASP.NET MVC 1.0 application that uses Forms Authentication. We are using Windows Server 2008. I need to lock down the site so that only certain users (in AD Groups) can access the site. Unfortunately, though, when I set the site to not allow anon users and use windows authentication, due to the integration of the site and IIS, it shows the user as signed in as their domain account, instead of allowing them to sign in through Forms Auth. So, I need a mixed mode authentication. I need the site to be only accessible through windows auth, without anon users, but once you are in, it needs to use forms auth only. How would I go about doing this the right way?

Read the article
Still getting duplicate token error after calling DuplicateTokenEx for impersonated token

- by atconway

I'm trying to return a Sytem.IntPtr from a service call so that the client can use impersonation to call some code. My imersonation code works properly if not passing the token back from a WCF service. I'm not sure why this is not working. I get the following error: "Invalid token for impersonation - it cannot be duplicated." Here is my code that does work except when I try to pass the token back from a service to a WinForm C# client to then impersonate. [DllImport("advapi32.dll", EntryPoint = "DuplicateTokenEx")] public extern static bool DuplicateTokenEx(IntPtr ExistingTokenHandle, uint dwDesiredAccess, ref SECURITY_ATTRIBUTES lpThreadAttributes, int TokenType, int ImpersonationLevel, ref IntPtr DuplicateTokenHandle); private IntPtr tokenHandle = new IntPtr(0); private IntPtr dupeTokenHandle = new IntPtr(0); [StructLayout(LayoutKind.Sequential)] public struct SECURITY_ATTRIBUTES { public int Length; public IntPtr lpSecurityDescriptor; public bool bInheritHandle; } public enum SecurityImpersonationLevel { SecurityAnonymous = 0, SecurityIdentification = 1, SecurityImpersonation = 2, SecurityDelegation = 3 } public enum TokenType { TokenPrimary = 1, TokenImpersonation = 2 } private const int MAXIMUM_ALLOWED = 0x2000000; [PermissionSetAttribute(SecurityAction.Demand, Name = "FullTrust")] public System.IntPtr GetWindowsUserToken(string UserName, string Password, string DomainName) { IntPtr tokenHandle = new IntPtr(0); IntPtr dupTokenHandle = new IntPtr(0); const int LOGON32_PROVIDER_DEFAULT = 0; //This parameter causes LogonUser to create a primary token. const int LOGON32_LOGON_INTERACTIVE = 2; //Initialize the token handle tokenHandle = IntPtr.Zero; //Call LogonUser to obtain a handle to an access token for credentials supplied. bool returnValue = LogonUser(UserName, DomainName, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref tokenHandle); //Make sure a token was returned; if no populate the ResultCode and throw an exception: int ResultCode = 0; if (false == returnValue) { ResultCode = Marshal.GetLastWin32Error(); throw new System.ComponentModel.Win32Exception(ResultCode, "API call to LogonUser failed with error code : " + ResultCode); } SECURITY_ATTRIBUTES sa = new SECURITY_ATTRIBUTES(); sa.bInheritHandle = true; sa.Length = Marshal.SizeOf(sa); sa.lpSecurityDescriptor = (IntPtr)0; bool dupReturnValue = DuplicateTokenEx(tokenHandle, MAXIMUM_ALLOWED, ref sa, (int)SecurityImpersonationLevel.SecurityDelegation, (int)TokenType.TokenImpersonation, ref dupTokenHandle); int ResultCodeDup = 0; if (false == dupReturnValue) { ResultCodeDup = Marshal.GetLastWin32Error(); throw new System.ComponentModel.Win32Exception(ResultCode, "API call to DuplicateToken failed with error code : " + ResultCode); } //Return the user token return dupTokenHandle; } Any idea if I'm not using the call to DuplicateTokenEx correctly? According to the MSDN documentation I read here I should be able to create a token valid for delegation and use across the context on remote systems. When 'SecurityDelegation' is used, the server process can impersonate the client's security context on remote systems. Thanks!

Read the article
Using a randomly generated token for flood control.

- by James P

Basic setup of my site is: user enters a message on the homepage, hits enter and the message is sent though a AJAX request to a file called like.php where it echo's a link that gets sent back to the user. I have made the input disable when the user presses enter, but there's nothing stopping the user from just constantly flooding like.php with POST request and filling up my database. Someone here on SO told me to use a token system but didn't mention how. I've seen this being done before and from what I know it is effective. The only problem I have is how will like.php know it's a valid token? My code is this at the moment: $token = md5(rand(0, 9999) * 1000000); and the markup: <input type="hidden" name="token" value="<?php echo $token ?>" /> Which will send the token to like.php through POST. But how will like.php know that this is a valid token? Should I instead token something that's linked to the user? Like their IP address? Or perhaps token the current minute and check that it's the same minute in like.php... Any help on this amtter would be greatly appreciated, thanks. :)

Read the article
PHPMyAdmin HTTP auth works, but not cookie auth

- by ssmy

I'm running PHPMyAdmin version 3.3.2 on Ubuntu 10.04, fully updated. Recently, the authentication for PHPMyAdmin stopped working. It would return the error 1045. However, login on the command line still worked. I switched to HTTP authentication instead of cookie auth, and now it works fine. Any ideas why this could be, or what I could do to make cookie auth work again? (Partly just to know, and partly since it's a bit nicer).

Read the article
Sendmail smtp-auth issues

- by SlackO

I'm running into a problem with Sendmail trying to implement SMTP- auth. I"m running 8.14.5 and have saslauthd running under FreeBSD 7.0-R. I don't believe I have starttls enabled (but I also compiled a version with it and have been testing it too - same problem) - just looking for basic auth, but am wondering if my configuration is not compatible with modern mail clients? I don't think I have any certs set up. It seems an older version of Microsoft Outlook Express works fine with SMTP-auth with no problems, but Outlook 2010 won't work, and neither will Eudora (basic settings to not use encryption and use same uid/pw as pop3 account name) When trying to send mail the server reports: "550 571 Relaying Denied. Proper authentication required." Is there some config that I am missing? Why does it work with Outlook Express but not other e-mail clients? my site.config.m4 has: APPENDDEF(confENVDEF',-DSASL=2') APPENDDEF(conf_sendmail_LIBS',-lsasl2') dnl APPENDDEF(confLIBDIRS',-L/usr/local/lib/sasl2') APPENDDEF(confLIBDIRS',-L/usr/local/lib') APPENDDEF(confINCDIRS',-I/usr/local/include') My sendmail.mc has: define(ConfAUTH_OPTIONS',A') TRUST_AUTH_MECH(LOGIN PLAIN')dnl define(ConfAUTH_MECHANISMS',`LOGIN PLAIN')dnl My /usr/local/lib/sasl2/Sendmail.conf has: pwcheck_method: saslauthd When I restart sendmail this shows up in the logs: Jun 16 12:36:24 x sm-mta[79090]: restarting /usr/sbin/sendmail due to signal Jun 16 12:36:24 x sm-mta[81145]: starting daemon (8.14.5): SMTP+queueing@00:30:00 Jun 16 12:36:24 x sm-mta[81147]: STARTTLS=client, relay=mxgw1.mail.nationalnet.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 Jun 16 12:36:24 x sm-mta[81148]: STARTTLS=client, relay=mxgw1.mail.nationalnet.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 testing on the cmd line: telnet localhost 587 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. 220 xxxt ESMTP Sendmail 8.14.5/8.14.5; Fri, 15 Jun 2012 18:28:03 -0500 (CDT) ehlo localhost 250-xxxx Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-AUTH GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN 250-DELIVERBY 250 HELP I am not using any certs or ssl right now - just trying to get basic auth to work. Anyone have any ideas?

Read the article
WIF, ADFS 2 and WCF–Part 6: Chaining multiple Token Services

- by Your DisplayName here!

See the previous posts first. So far we looked at the (simpler) scenario where a client acquires a token from an identity provider and uses that for authentication against a relying party WCF service. Another common scenario is, that the client first requests a token from an identity provider, and then uses this token to request a new token from a Resource STS or a partner’s federation gateway. This sounds complicated, but is actually very easy to achieve using WIF’s WS-Trust client support. The sequence is like this: Request a token from an identity provider. You use some “bootstrap” credential for that like Windows integrated, UserName or a client certificate. The realm used for this request is the identifier of the Resource STS/federation gateway. Use the resulting token to request a new token from the Resource STS/federation gateway. The realm for this request would be the ultimate service you want to talk to. Use this resulting token to authenticate against the ultimate service. Step 1 is very much the same as the code I have shown in the last post. In the following snippet, I use a client certificate to get a token from my STS: private static SecurityToken GetIdPToken() { var factory = new WSTrustChannelFactory( new CertificateWSTrustBinding(SecurityMode.TransportWithMessageCredential, idpEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.ClientCertificate.SetCertificate( StoreLocation.CurrentUser, StoreName.My, X509FindType.FindBySubjectDistinguishedName, "CN=Client"); var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress(rstsRealm), KeyType = KeyTypes.Symmetric }; var channel = factory.CreateChannel(); return channel.Issue(rst); } To use a token to request another token is slightly different. First the IssuedTokenWSTrustBinding is used and second the channel factory extension methods are used to send the identity provider token to the Resource STS: private static SecurityToken GetRSTSToken(SecurityToken idpToken) { var binding = new IssuedTokenWSTrustBinding(); binding.SecurityMode = SecurityMode.TransportWithMessageCredential; var factory = new WSTrustChannelFactory( binding, rstsEndpoint); factory.TrustVersion = TrustVersion.WSTrust13; factory.Credentials.SupportInteractive = false; var rst = new RequestSecurityToken { RequestType = RequestTypes.Issue, AppliesTo = new EndpointAddress(svcRealm), KeyType = KeyTypes.Symmetric }; factory.ConfigureChannelFactory(); var channel = factory.CreateChannelWithIssuedToken(idpToken); return channel.Issue(rst); } For this particular case I chose an ADFS endpoint for issued token authentication (see part 1 for more background). Calling the service now works exactly like I described in my last post. You may now wonder if the same thing can be also achieved using configuration only – absolutely. But there are some gotchas. First of all the configuration files becomes quite complex. As we discussed in part 4, the bindings must be nested for WCF to unwind the token call-stack. But in this case svcutil cannot resolve the first hop since it cannot use metadata to inspect the identity provider. This binding must be supplied manually. The other issue is around the value for the realm/appliesTo when requesting a token for the R-STS. Using the manual approach you have full control over that parameter and you can simply use the R-STS issuer URI. Using the configuration approach, the exact address of the R-STS endpoint will be used. This means that you may have to register multiple R-STS endpoints in the identity provider. Another issue you will run into is, that ADFS does only accepts its configured issuer URI as a known realm by default. You’d have to manually add more audience URIs for the specific endpoints using the ADFS Powershell commandlets. I prefer the “manual” approach. That’s it. Hope this is useful information.

Read the article
FQL query using stream table doesn't accept app access token

- by tougher

I've searched stackoverflow all day long to find an answer without luck, so here we go. I'm trying to fetch data from the stream table like this: FQL: SELECT post_id, message, created_time FROM stream WHERE source_id = 131559313586863 URL: http:// graph.facebook.com/fql?q=SELECT+post_id%2C+message%2C+created_time+FROM+stream+WHERE+source_id+%3D+131559313586863&access_token=10669xxxxx74470|PF-7GSdBx0Nxxxxxkdi1KwSQG-w But I get a 400 Bad Request as response with the error message: "An access token is required to request this resource.". I'm fetching an application access token with this url: https:// graph.facebook.com/oauth/access_token?client_id=FACEBOOK_APP_ID&client_secret=FACEBOOK_APP_SECRET&grant_type=client_credentials Facebook state in this blog post that "You will need to pass a valid app or user access token to access this functionality.". Functionality refers to /feed and /posts (the stream table). Futhermore this wiki tells the same story about using the stream table, "From June 3 2011 a token is required to query this table. You can use any application or user token to make the query.". Does anyone see my hopefully obvious flaw? Please note: The profile in the FQL query is public. I need this to run userless though a cronjob. No user interaction is possible. The request works if I replace the app access token with my own user token from https:// developers.facebook.com/tools/explorer Sorry for breaking the URL's. I need more reputation to post more than 2 links :-/

Read the article
JWT Token Security with Fusion Sales Cloud

- by asantaga

When integrating SalesCloud with a 3rd party application you often need to pass the users identity to the 3rd party application so that The 3rd party application knows who the user is The 3rd party application needs to be able to do WebService callbacks to Sales Cloud as that user. Until recently without using SAML, this wasn't easily possible and one workaround was to pass the username, potentially even the password, from Sales Cloud to the 3rd party application using URL parameters.. With Oracle Fusion R8 we now have a proper solution and that is called "JWT Token support". This is based on the industry JSON Web Token standard , for more information see here JWT Works by allowing the user the ability to generate a token (lasts a short period of time) for a specific application. This token is then passed to the 3rd party application as a GET parameter. The 3rd party application can then call into SalesCloud and use this token for all webservice calls, the calls will be executed as the user who generated the token in the first place, or they can call a special HR WebService (UserService-findSelfUserDetails() ) with the token and Fusion will respond with the users details. Some more details The following will go through the scenario that you want to embed a 3rd party application within a WebContent frame (iFrame) within the opportunity screen. 1. Define your application using the topology manager in setup and maintenance See this documentation link on topology manager 2. From within your groovy script which defines the iFrame you wish to embed, write some code which looks like this : def thirdpartyapplicationurl = oracle.topologyManager.client.deployedInfo.DeployedInfoProvider.getEndPoint("My3rdPartyApplication" )def crmkey= (new oracle.apps.fnd.applcore.common.SecuredTokenBean().getTrustToken())def url = thirdpartyapplicationurl +"param1="+OptyId+"&jwt ="+crmkeyreturn (url) This snippet generates a URL which contains The Hostname/endpoint of the 3rd party application Two Parameters The opportunityId stored in parameter "param1" The JWT Token store in parameter "jwt" 3. From your 3rd Party Application you now have two options Execute a webservice call by first setting the header parameter "Authentication" to the JWT token. The webservice call will be executed against Fusion Applications "As" the user who execute the process To find out "Who you are" , set the header parameter to "Authentication" and execute the special webservice call findSelfUserDetails(), in the UserDetailsService For more information Oracle Sales Cloud Documentation , specific chapter on JWT Token OTN samples, specifically the Rich UI With JWT Token Sample Oracle Fusion Applications General Documentation

Read the article
Zend_Auth / Zend_Session error and storing objects in Auth Storage

- by Martin

Hi All, I have been having a bit of a problem with Zend_Auth and keep getting an error within my Acl. Within my Login Controller I setup my Zend_Auth storage as follows $auth = Zend_Auth::getInstance(); $result = $auth->authenticate($adapter); if ($result->isValid()) { $userId = $adapter->getResultRowObject(array('user_id'), null)->user_id; $user = new User_Model_User; $users = new User_Model_UserMapper; $users->find($userId, $user); $auth->getStorage()->write( $user ); } This seems to work well and I am able to use the object stored in the Zend_Auth storage within View Helpers without any problems. The problem that I seem to be having is when I try to use this within my Acl, below is a snippet from my Acl, as soon as it gets to the if($auth->hasIdentity()) { line I get the exception detailed further down. The $user->getUserLevel() is a methord within the User Model that allows me to convert the user_level_id that is stored in the database to a meaning full name. I am assuming that the auto loader sees these kind of methords and tries to load all the classes that would be required. When looking at the exception it appears to be struggling to find the class as it is stored in a module, I have the Auto Loader Name Space setup in my application.ini. Could anyone help with resolving this? class App_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract { protected $_roleName; public function __construct() { $auth = Zend_Auth::getInstance(); if($auth->hasIdentity()) { $user = $auth->getIdentity(); $this->_roleName = strtolower($user->getUserLevel()); } else { $this->_roleName = 'guest'; } } } Fatal error: Uncaught exception 'Zend_Session_Exception' with message 'Zend_Session::start() - \Web\library\Zend\Loader.php(Line:146): Error #2 include_once() [<a href='function.include'>function.include</a>]: Failed opening 'Menu\Model\UserLevel.php' for inclusion (include_path='\Web\application/../library;\Web\library;.;C:\php5\pear') Array' in \Web\library\Zend\Session.php:493 Stack trace: #0 \Web\library\Zend\Session\Namespace.php(143): Zend_Session::start(true) #1 \Web\library\Zend\Auth\Storage\Session.php(87): Zend_Session_Namespace->__construct('Zend_Auth') #2 \Web\library\Zend\Auth.php(91): Zend_Auth_Storage_Session->__construct() #3 \Web\library\Zend\A in \Web\library\Zend\Session.php on line 493 Thanks, Martin

Read the article
Facebook Invalid OAuth access token signature trying to post an attachment to group wall from PHP

- by Volodymyr B

I am an administrator (manager role) of a Facebook Group. I created an app, and stored its id and secret. I want my app to be able to post something on the Facebook group's feed. But when I attempt to post, I get the error 190 Invalid OAuth access token signature, even though I able to successfully obtain the access_token with publish_stream and offline_access scopes. It has the form of NNNNNNNNNNNNNNN|XXXXXXXXXXXXXXXXXXXXXXXXXXX, where N is a number (15) and X is a letter or a number (27). What should I do more to get this accomplished? Here is the code I am using: public static function postToFB($message, $image, $link) { //Get App Token $token = self::getFacebookToken(); // Create FB Object Instance $facebook = new Facebook(array( 'appId' => self::fb_appid, 'secret' => self::fb_secret, 'cookie' => true )); //$token = $facebook->getAccessToken(); //Try to Publish on wall or catch the Facebook exception try { $attachment = array('access_token' => $token, 'message' => $message, 'picture' => $image, 'link' => $link, //'name' => '', //'caption' => '', 'description' => 'More...', //'actions' => array(array('name' => 'Action Text', 'link' => 'http://apps.facebook.com/xxxxxx/')) ); $result = $facebook->api('/'.self::fb_groupid.'/feed/', 'post', $attachment); } catch (FacebookApiException $e) { //If the post is not published, print error details echo '<pre>'; print_r($e); echo '</pre>'; } } Code which returns the token //Function to Get Access Token public static function getFacebookToken($appid = self::fb_appid, $appsecret = self::fb_secret) { $args = array( 'grant_type' => 'client_credentials', 'client_id' => $appid, 'client_secret' => $appsecret, 'redirect_uri' => 'https://www.facebook.com/connect/login_success.html', 'scope' => 'publish_stream,offline_access' ); $ch = curl_init(); $url = 'https://graph.facebook.com/oauth/access_token'; curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_HEADER, false); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $args); try { $data = curl_exec($ch); } catch (Exception $exc) { error_log($exc->getMessage()); } return json_encode($data); } If I uncomment $token = $facebook->getAccessToken(); in the posting code, it gives me yet another error (#200) The user hasn't authorized the application to perform this action. The token I get using developers.facebook.com/tools/explorer/ is of another form, much longer and with it I am able to post to the group page feed. How do I do it without copy/paste from Graph API Explorer and how do I post as a group instead of posting as a user? Thanks.

Read the article
Facebook graph API - OAuth Token

- by Simon R

I'm trying to retrieve data using the new graph API, however the token I'm retriving from OAuth doesn't appear to be working. The call I'm making is as follows; $token = file_get_contents('https://graph.facebook.com/oauth/access_token?type=client_cred&client_id=<app_id>&client_secret=<app secret>'); This returns a token with a string length of 41. To give you an example of what is returned I have provided below a sample (converted all numbers to 0, all capital letters to 'A' and small case letters to 'a' access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA. I take this access token and attach it to the call request for data, it doesn't appear to be the correct token as it returns nothing. I make the data call as follows; file_get_contents('https://graph.facebook.com/<my_page's_id>/statuses?access_token=000000000000|AaaAaaAaaAAaAaaaaAaaAa0aaAA.') When I manually retrieve this page directly through the browser I get an 500/Internal Server Error Message. Any assistance would be grately appreciated.

Read the article
Use standard USB flash disk as security token

- by Harun Baris Bulut

We want our users in company to login their computers by using their USB Flash Disks or something else. Is there a way to achieve this without buying a USB token from a company ?

Read the article
struts2 invalid.token returned when form submitted using JQuery

- by John

Hi, I have inherited some code in which I now have to add CSRF prevention and am trying to use the struts2 tokenSession interceptor to do this. I am adding a token to my form using the struts2 token tag like so: <form id="updateObject" name="updateObject" action="<%=request.getContextPath()%>/prv/updateObject.action" method="POST"> <fieldset class="x-fieldset"> <legend>Update object - Action Required</legend> <div>...</div> <s:token /> <s:hidden name="id" id="objectId" /> more stuff here... <input type="submit" value="Update Object" onclick="javascript:return doUpdateObject('myAction');"/> </fieldset> </form> In my javascript function, I am adding/removing some validation rules (depending upon the action required, and submitting the form: function doUpdateObject(action){ actionPanel.registerAction(action); // this function places the action name in an in-scope variable doUpdateObjectValidationSetup(action); // this function adds/removes jquery validation rules depending upon the action if($("#updateObject").valid()){ $("form#updateObject").submit(); } return false; } I have intercepted the request and a token is being added, however the struts2 tokenSession interceptor is returning invalid.token. The code works as expected without this interceptor. (struts2 xml file not posted - will post the relevant section if required). I have also used the tokenSession interceptor in other pages which use a basic html submit button (i.e. not going via javascript or jquery) and this also works as expected. What is making the token invalid? N.B. The project I have inherited uses a strange mixture of standard html, struts2 tags, ExtJS and JQuery. I will clean this up at some point but at the moment I just need to get the tokenSession interceptor working asap in the code as-is (as I have to apply a similar fix to several hundred pages...). Any help/pointers/tips/etc greatly appreciated! Regards, John

Read the article

Search Results

Search found 3544 results on 142 pages for 'auth token'.

Page 1/142 | 1 2 3 4 5 6 7 8 9 10 11 12 | Next Page >

- by mmj

- by gruszczy

- by user1626384

- by Your DisplayName here!

- by Van

- by ahmet2106

- by Selivanov Pavel

- by Felix

- by blankabout

- by Greg K

- by Rising Star

- by Josh

- by justjoshingyou

- by atconway

- by James P

- by ssmy

- by SlackO

- by Your DisplayName here!

- by tougher

- by asantaga

- by Martin

- by Volodymyr B

- by Simon R

- by Harun Baris Bulut

- by John

1 2 3 4 5 6 7 8 9 10 11 12 | Next Page >