I am trying to configure and understnad how the most common Jupyter authenticators work. However, I am having trouble understanding how LocalAuthenticator works and how it differs from PAMAuthenticator. The Jupyter documentation states the following: The LocalAuthenticator is a special kind of authenticator that has the ability to manage users on the local system.. Given that I am running everything locally, on my laptop, my uderstading is that I can use the same credentials I use to login to my Linux user. However this doesn't work. The JupyterHub server gives the following message: Failed login for <user>.
My JupyterHub configuration file only contains the following line:
c.JupyterHub.authenticator_class = 'jupyterhub.auth.LocalAuthenticator'.
If I change the above line to:
c.JupyterHub.authenticator_class = 'jupyterhub.auth.PAMAuthenticator'
then everything works just fine and the login is succesfull.
Can someone explain me the differences of the two authenticators and why the LocalAuthenticator does not work in my case? The only difference I am aware of is that (according to the documentation) the LocalAuthenticator creates new users if they don't exist. However, after setting c.LocalAuthenticator.create_system_users = True and trying to login with a non-existent user, no new user is created.
Thank you.
PS: My OS is Debian Testing and I have installed JupyterHub using the instructions provided on its GitHub page.
Related
I am trying to create a federated authentication using the Keycloak and following the steps mentioned here: Setup User Federation with Keycloak
I have been using the port 10389 instead of 389 mentioned in the document. Everything seems to be working fine until the step where I am making the connection from Keycloak to LDAP.
When I provide the Connection URL as ldap://localhost:10389 and click on the Test Connection then I get the error:
Error! Error when trying to connect to LDAP. See server.log for details
I am not sure what's wrong because when I check in the Apache Directory Studio there everything seems to be working fine for me and I am able to get all the users list etc. I am not sure why I am unable to make the connection from Keycloak to LDAP.
I tried the following things but nothing worked for me:
ldap://localhost:10389
localhost:10389
ldap://127.0.0.1:10389
ldap://localhost:389
Stopped the docker in the dashboard and started again.
After trying a lot I found the solution. Posting the answer as it can be useful to someone else in the future.
I was using the localhost and 127.0.0.1 which was not working. Finally, I checked the IP Address of my system using the terminal (for mac ipconfig) and tried that and it worked:
ldap://192.168.1.12:10389
I am having trouble working through the Compute Engine Quickstart: Build a to-do app with a MongoDB tutorial. (edit: I am running the tutorial from within the compute engine console; i.e. https://console.cloud.google.com/compute/instances?project=&tutorial=compute_quickstart)
I SSH into the backend instance. I enter the "gcloud compute" command as copied from the tutorial. I am prompted to enter a passphrase. The following is returned:
WARNING: The public SSH key file for gcloud does not exist.
WARNING: The private SSH key file for gcloud does not exist.
WARNING: You do not have an SSH key for gcloud.
WARNING: SSH keygen will be executed to generate a key.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in
...
<< Identifying detail ommitted >>
...
**ERROR: (gcloud.compute.ssh) Could not fetch resource:
- Insufficient Permission**
I had run through this stage of the tutorial on a previous occasion with no problems.
I am working from a Windows 10 PC with the google-cloud-sdk installed. I am using google chrome. I have tried in both regular and incognito modes.
Any help or advice greatfully received!
DaveDub
It looks like the attempt to SSH is recognising the instance in your project, but the user doesn't have the required permissions to access the machine.
Have you tried running:
gcloud auth login
and completing the web-based authorization to ensure you are attempting to access the machine as the correct (authenticated) user? This process ensures the Cloud SDK you are running inherits the permissions of the user specified in the web-based authorisation. See here for more information on this.
It's also worth adding the link to the tutorial you are following to your question.
Besides the accepted answer, be sure you are in the correct gcloud project
gcloud projects list
Then
gcloud config set project <your-project>
I just ran into this for yet another reason. Google has always had poor handling of multi-user auth conflicts with their business products. Whatever you sign into a clean chrome session with 'first' gets a 'special', invisible role. I've noticed with gsuite that I get 'forced' into that first user when I try to access the admin panel, and the only way to escape is to make sure that whatever google user I use for the gsuite admin is 'first', or open an incognito window. I've seen this bug for years, can't believe it still exists.
Anyways, I ran into a similar issue. Somehow I was the wrong google user, so the link I got when copy/pasting out of 'connect with gcloud command' was implying wrong google user. Only noticed later when I just gave up and used the terminal that I was not my normal user... So, might look into that.
I want to use Odoo module name: Authentication via LDAP (by Odoo SA) to authenticate our user from Active Directory (Server 2003).
On my testing server, everything working smoothly, but not on my production server (I had make sure all settings are the same), this error alway report in server log, although username and password are correct.
I can not find out why, but when I check the information of LDAP module, I saw a little bit difference:
I also tried re-install but nothing change. Any help would be much appreciated.
This is the correct setting working with Odoo v9, I change the port form 389 to 3268
We want to run two Jenkins instaces on the same server.
To log in Jenkins (using version 1.595) web GUI we are using the LDAP plugin (version 1.11). "Project-based Matrix Authorization Strategy" is selected and my user is granted admin access here. So once I am able to login I have admin rights. The symbol to the left of the users added in the matirx shows a "little man" so the user seems to be found on LDAP.
CASE 1: If I type in my credentials CORRECT I get redirected
to the page that was open just before I clicked the "log in" button.
NOT good -> Without allowing anonymous user to administrate I have no chance of doing anything.
CASE 2: If I type in them WRONG Jenkins tells me "Invalid login information. Please try again."
good -> as expected.
Also tried "Anyone can do anything" as security setting. Using this I do not get redirected to the login form, but to the last visited page from where i called the "login".
It does't matter what type of Internet Explorer I use. The result is always the same (Chrome, Firefox and Internet explorer were tested).
I already discussed with the colleague responsible for the LDAP maintenance. The incoming information are handled correctly (-> LDAP settings within Jenkins must be correct). But this fact is clear since wrong login information leads to "Invalid login information page", but correct login information do not.
Also made sure that the firewall makes no problems.
Do you have any idea why this is not working? Or what the reasons could be?
Is it possible that there is kind of a "redirection link" for logins?
Hard to say from the information you've provided, but one thing to check is that the casing on your username exactly matches the name you have set up in matrix authentication. LDAP is not case sensitive but Jenkins is, which means that you can be authenticated successfully without having the administrative access you are expecting.
One way to proceed would be to add the 'authenticated' (case sensitive) user to your matrix with some limited permission set and see whether you are able to get past the login page.
I found one reason!
After deleting the environment variable JENKINS_HOME I was able to login into Jenkins... At least via localhost. Before even this login wasn't possible too. As we run two instaces of Jenkins on the same Server it seems like they want to use the variable both -> leads to failures. But if I try to login via network from another PC I still can't login (same as before). The variable JENKINS_HOME gets set (as before) within the jekins.xml in jenkins installation folder so the enironmentvariable is properbly not in need. I opend a new question, as this is now an Apache error.
I guess the reason why I can login via localhost, but not via network must be our Apache 2.2 server which is handling information wrong. By using localhost I can bypass Apache (-> works) but via network Apache gets used (-> don't work).
Link to the new question: Jenkins behind Apache Server / Can't log in Jenkins
I set up a Neo4j database on Azure following this guide. The set-up process went fine. The issue I'm having is that the database is not asking for a username or password when I access it though the public port. In other words, anyone can access and edit the database by simply navigating to the URL. Can anyone point me in the right direction as to how to set up authentication?
First: That's a fairly old walkthrough, with the v1.8 version of Neo4j running on the preview of Virtual Machines. And that image had a pre-set username and password. Look closely at the login box:
"The server says neo4j graphdb"
Those two will be your username and password.
Note: This is not the case if you use the latest 2.0x image in VM Depot.
I was able to get this working by modifying the /conf/neo4j-server.properties file and following the instructions at the github repo.
# Basic Auth-Filter-Extension
# See docs here: https://github.com/neo4j-contrib/authentication-extension
org.neo4j.server.credentials=your_user_name:your_password
org.neo4j.server.thirdparty_jaxrs_classes=org.neo4j.server.extension.auth=/auth