Thanks for verifying this Christian. Committed to trunk. See http://fedora-commons.org/jira/browse/FCREPO-581
- Chris On Wed, Nov 18, 2009 at 2:17 AM, Christian Rohrer <[email protected]> wrote: > Hi Chris > > > On 17.11.2009, at 23:13, Chris Wilper wrote: > >> Hi Paul and Alex, >> >> I wonder if this could be fixed by simply changing that default policy. >> >> Could one of you try this and report back: >> >> 1) revert to your original /etc/hosts and verify the problem occurs again >> 2) modify the following file: >> $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/deny-apim-if-not-localhost.xml >> a) Right after the AttributeValue line containing 127.0.0.1, add >> another identical AttributeValue line with ::1 for the value instead >> of 127.0.0.1 >> 3) restart fedora (or just tell the server to reload the policies, >> e.g. "fedora-reload-policies.sh http fedoraAdmin fedoraAdmin") >> > > Our Fedora has been IPv6-enabled for a quite some time already, and your > proposed solution is exactly what we have put in place to make it work. > > Cheers > Christian > >> >> >> On Tue, Nov 17, 2009 at 8:00 AM, Paul Pound <[email protected]> wrote: >>> We had a user who had this same issue on ubuntu 9.04 server. Api-m soap >>> calls were getting unauthorized errors until he commented out the ipv6 >>> stuff in his hosts file. >>> >>> Has anyone else had this problem? Does it affect the new rest api or >>> is it soap calls only? Is there another way around this? >>> >>> This is with xacml enforcement on. He changed the log level to debug >>> and we could see that the user was authenticated and had the appropriate >>> roles. >>> >>> Thanks, >>> Paul >>> >>>>>> Alexander O'Neill <[email protected]> 10/8/2009 2:48 pm >>> >>> Hi, >>> >>> I was getting "401 Unauthorized" errors when trying to use API-M on my >>> >>> local Fedora 3.2 install after upgrading to Mac OS X 10.6. I >>> struggled with global XACML policies and tried to see if I had changed >>> >>> anything but couldn't see anything that might be the culprit. >>> >>> Just before I was going to zap my local Fedora install I had a thought >>> >>> that it might have to do with the usual API-M restriction to being >>> called from localhost. I looked in my /etc/hosts folder and saw new >>> entries: >>> >>> 127.0.0.1 localhost >>> 255.255.255.255 broadcasthost >>> ::1 localhost >>> fe80::1%lo0 localhost >>> >>> Commenting out the last 2 lines and restarting Fedora solved the >>> problem I was having. >>> >>> BUT: >>> >>> This is how Snow Leopard comes by default, so anyone installing Fedora >>> >>> on the Mac platform is now going to face this problem if they try to >>> use API-M. >>> >>> So I think it's now necessary to find a solution in Fedora itself for >>> >>> this IPv6 localhost issue, since it was mostly a stroke of luck that I >>> >>> thought to look in the right place. What do other people think? >>> >>> Cheers, >>> >>> >>> --- >>> Alexander O'Neill >>> Programmer / Analyst >>> Robertson Library >>> University of Prince Edward Island >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Come build with us! The BlackBerry(R) Developer Conference in SF, CA >>> is the only developer event you need to attend this year. Jumpstart >>> your >>> developing skills, take BlackBerry mobile applications to market and >>> stay >>> ahead of the curve. Join us from November 9 - 12, 2009. Register now! >>> http://p.sf.net/sfu/devconference >>> _______________________________________________ >>> Fedora-commons-developers mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers >>> >>> ------------------------------------------------------------------------------ >>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day >>> trial. Simplify your report design, integration and deployment - and focus >>> on >>> what you do best, core application coding. Discover what's new with >>> Crystal Reports now. http://p.sf.net/sfu/bobj-july >>> _______________________________________________ >>> Fedora-commons-developers mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers >>> > > ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ Fedora-commons-developers mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-developers
