Hi Mary, On Tue, Jan 19, 2010 at 12:21 PM, wei yuan <[email protected]> wrote: > Dear everyone, > > Did you have the authentication (401 error) problems for the demo objects > from the demo site and admin? I can not view the datastream for all objects > and the error is with authentication. From the admin side, I get 401 error > saying could not get datastream for DC (or other types) due to 401 error.
Which admin client are you using: the java one or the newer, web-based one (at /fedora/admin). Is this happening with Fedora 3.3? > Please let me know how you resolve such a problem. From the client admin, I > modified the ssl options for java and it worked, but how do yo do for the > admin and demo interface? When you say you modified the ssl options from the client admin, what exactly did you do? I can't tell without more information, but it's possible that, if you're using the java admin gui from a different host, one of the default XACML policies is preventing remote administrative access. By default, that policy is under $FEDORA_HOME/data/fedora-xacml-policies/repository-policies/default/, and is the file named deny-apim-if-not-localhost.xml. You can test whether this is the case by (temporarily) removing that file and restarting Tomcat (or running fedora-reload-policies.sh/.bat if you don't want to restart). Later, if you still want to restrict administrative access by IP address, you can modify that file and change the IP address(es) from which it allows administrative access. Note that this default restriction is above and beyond the normal authentication done by Fedora, so if you're going over SSL and you're confident that the password is a secure one, you may just want to allow admin access from anywhere (and therefore permanently delete that policy). - Chris ------------------------------------------------------------------------------ The Planet: dedicated and managed hosting, cloud storage, colocation Stay online with enterprise data centers and the best network in the business Choose flexible plans and management services without long-term contracts Personal 24x7 support from experience hosting pros just a phone call away. http://p.sf.net/sfu/theplanet-com _______________________________________________ Fedora-commons-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fedora-commons-users
