On 29 May 2014, at 14:18, Liam Hoekenga <li...@umich.edu> wrote: > Our cosign installation uses kerberos and friend as the primary > authenticators. > We're getting instances of this error in our logs: > > Couldn't identify an authenticator for /USERNAME/ > > I can find where this error occurs in the source code, but I can't really > figure out what would trigger it. The problem usernames all seem to be > valid, active kerberos principals, and our logs indicate that sometimes the > problem usernames *are* able to authenticate. > > The failures are initiated by a wide variety of cosign service providers. > They seem to happen in batches - we had ~360 between 14:00 - 14:15 today, > though that might be a bad observation.. Splunk shows that we see ~5k-20k of > these a day.
It's an error from the pick_authenticator() routine called via the CGI, which just tests whether the supplied login matches (via regex) any passwd keyword lines or if no passwd keyword lines are specified, the default mysql (if compiled) or default kerberos rules. Do you have any passwd keywords configured? :wes ------------------------------------------------------------------------------ Time is money. Stop wasting it! Get your web API in 5 minutes. www.restlet.com/download http://p.sf.net/sfu/restlet _______________________________________________ Cosign-discuss mailing list Cosign-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/cosign-discuss
