Hi,
I have no idea about the masked package - this is usually a local
setting and it works here, so no idea.
The sampleconfig script was contributed by another user, I saw some
potential in there but I never liked it and we there are considerations
to remove it entirely as it just causes support nightmares. Using it for
anything else than bringing up a DEMO install is beyond the intended use
case and not supported. If you want to customize your setup, use the
quickstart docs and do it yourself so we can pin down the problems one
be one.
best regards
Oliver
Am 30.11.20 um 13:59 schrieb Steve Downey via OpenXPKI-users:
> Hi there
>
>>> this looks like your Datavault Token is (again) not operational.
> Unfortunately, this time no, The error is clear in the SQL I included.
> Incorrect realm. Last time wasn't the datavault itself either, it was lack
> of an SQL schema entirely preventing the entry from being created. No table,
> no insert. Problem between keyboard and monitor. my key is good, can get a
> valid paired MD5 hash with cert and key, proving able to decrtypt and they
> pair up. I'm using a static password of "foo123" to keep it simple while I
> troubleshoot.
>
> also any reason why my version unmaking was missed over entirely?
>
>> I have this working with 3.6.1, but the debian packages are masked in the
>> repo. is there a way I can unmask that version as I've validated it. I'm
>> doing a whole new validation that wasn't intended.
> Why is it that, the vault gets inserted correctly. look at the realm, its the
> one I defined, I do see the certificate being inserted into the table a few
> queries ahead of this one.
>
>> 70 Query INSERT INTO aliases (group_id, notafter, pki_realm, identifier,
>> generation, alias, notbefore) VALUES ('vault', '1922315858', 'ITOps',
>> 'VY9D0BFJ9gh2Zg5PHtEGIK4V6yM', '1', 'vault-1', '1606523858') ON DUPLICATE
>> KEY UPDATE notbefore='1606523858', alias='vault-1',
>> identifier='VY9D0BFJ9gh2Zg5PHtEGIK4V6yM', generation='1', pki_realm='ITOps',
>> notafter='1922315858', group_id='vault'
> but then after, there is an insert and select that fails that references the
> DemoCA realm again. only I have no references to this realm at all in any of
> my code (same code from my last attempt no changes). Of the 3 inserts in the
> Transaction, 2 get rolled back. Why is DemoCA referenced at all?
>
> All the output and the script defines the realm as "ITOps" unless I missed a
> democa reference in a config yaml somewhere, why I also included a grep
> search in my last mail of all "democa" references. just none of them were
> files I edited my first time around.
>
> WHERE ( ( aliases.alias = 'vault-1' AND aliases.pki_realm = 'democa' )
> ),\"pki_realm\":\"democa\",\"userinfo\"
>
> MAIN_LOOP\",\"pki_realm\":\"democa\",\"userinfo\":{\"realname\":\"I18N_OPENXPKI_UI_USER_ANONYMOUS\"}}',
> modified='1606596607', ip_address=NULL
>
> This is the full transaction, 71 from mysql general log.
>
>
>> 71 Connect [email protected] as anonymous on
>> openxpki_itops
>> 71 Query SET autocommit=0
>> 71 Query SET SESSION TRANSACTION ISOLATION LEVEL READ
>> COMMITTED
>> 71 Query INSERT INTO backend_session (session_id, created,
>> ip_address, data, modified) VALUES ('+J+9pX8lSoeb3eYHtvhRlg==',
>> '1606596607', NULL, 'JSON:{\"status\":\"SESSION_ID_SENT\",\"is_valid\":0}',
>> '1606596607') ON DUPLICATE KEY UPDATE modified='1606596607',
>> data='JSON:{\"status\":\"SESSION_ID_SENT\",\"is_valid\":0}', ip_address=NULL
>> 71 Query COMMIT
>> 71 Query INSERT INTO backend_session (session_id, created,
>> ip_address, data, modified) VALUES ('+J+9pX8lSoeb3eYHtvhRlg==',
>> '1606596607', NULL,
>> 'JSON:{\"is_valid\":0,\"pki_realm\":\"democa\",\"status\":\"WAITING_FOR_AUTHENTICATION_STACK\"}',
>> '1606596607') ON DUPLICATE KEY UPDATE
>> data='JSON:{\"is_valid\":0,\"pki_realm\":\"democa\",\"status\":\"WAITING_FOR_AUTHENTICATION_STACK\"}',
>> modified='1606596607', ip_address=NULL
>> 71 Query COMMIT
>> 71 Query INSERT INTO backend_session (session_id, created,
>> ip_address, data, modified) VALUES ('+J+9pX8lSoeb3eYHtvhRlg==',
>> '1606596607', NULL,
>> 'JSON:{\"authentication_stack\":\"_System\",\"role\":\"System\",\"user\":\"anonymous\",\"is_valid\":\"1\",\"status\":\"MAIN_LOOP\",\"pki_realm\":\"democa\",\"userinfo\":{\"realname\":\"I18N_OPENXPKI_UI_USER_ANONYMOUS\"}}',
>> '1606596607') ON DUPLICATE KEY UPDATE
>> data='JSON:{\"authentication_stack\":\"_System\",\"role\":\"System\",\"user\":\"anonymous\",\"is_valid\":\"1\",\"status\":\"MAIN_LOOP\",\"pki_realm\":\"democa\",\"userinfo\":{\"realname\":\"I18N_OPENXPKI_UI_USER_ANONYMOUS\"}}',
>> modified='1606596607', ip_address=NULL
>> 71 Query COMMIT
>> 71 Query SELECT certificate.data, certificate.subject,
>> certificate.identifier, certificate.notbefore, certificate.notafter,
>> certificate.subject_key_identifier FROM certificate INNER JOIN aliases ON (
>> certificate.identifier = aliases.identifier ) WHERE ( ( aliases.alias =
>> 'vault-1' AND aliases.pki_realm = 'democa' ) )
>> 71 Query ROLLBACK
>> 69 Quit
>> 70 Quit
>> 71 Query ROLLBACK
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
