This is from IPA custodia. Are there any Dogtag related logs to those events in /var/log/pki/pki-tomcatd/*/debug or /var/log/httpd/*? Maybe the CA signing key access requires more privilege.

Thanks,
M.

On Mon, Feb 25, 2019 at 6:34 AM Kat <uncommon...@gmail.com> wrote:

> Hi all - new to list. I can't find the answer on the IPA mailing list and I really think this is directly related to DogTag anyway.
>
> Trying to debug a key being denied. Here is a little snippet of log. Where can I find WHY it is getting denied - or is there some additional debug I can turn on to find it? See the last one? This is driving me crazy - if anyone can point me to debug settings or anything to help me diagnose?
>
> 2019-02-09 16:12:56 - SimpleCredsAuth-[auth:simple] - PASS: '30015' authenticated as '48, 48'
> 2019-02-09 16:12:56 - SimpleHeaderAuth-[auth:header] - PASS: '30015' authenticated as '(null)'
> 2019-02-09 16:12:56 - IPAKEMKeys-[authz:kemkeys] - PASS: '30015' authorized for '/keys'
> 2019-02-09 16:12:57 - Secrets-[/keys] - ALLOWED: '(null)' requested key 'ca/subsystemCert cert-pki-ca'
> 2019-02-09 16:14:53 - SimpleCredsAuth-[auth:simple] - PASS: '30015' authenticated as '48, 48'
> 2019-02-09 16:14:53 - SimpleHeaderAuth-[auth:header] - PASS: '30015' authenticated as '(null)'
> 2019-02-09 16:14:53 - IPAKEMKeys-[authz:kemkeys] - PASS: '30015' authorized for '/keys'
> 2019-02-09 16:14:53 - Secrets-[/keys] - ALLOWED: '(null)' requested key 'ra/ipaCert'
> 2019-02-09 16:17:34 - SimpleCredsAuth-[auth:simple] - PASS: '24826' authenticated as '48, 48'
> 2019-02-09 16:17:34 - SimpleHeaderAuth-[auth:header] - PASS: '24826' authenticated as '(null)'
> 2019-02-09 16:17:34 - IPAKEMKeys-[authz:kemkeys] - PASS: '24826' authorized for '/keys'
> 2019-02-09 16:17:34 - Secrets-[/keys] - ALLOWED: '(null)' requested key 'dm/DMHash'
> *2019-02-25 09:21:47 - SimpleCredsAuth-[auth:simple] - PASS: '5570' authenticated as '48, 48'*
> *2019-02-25 09:21:47 - SimpleHeaderAuth-[auth:header] - PASS: '5570' authenticated as '(null)'*
> *2019-02-25 09:21:47 - IPAKEMKeys-[authz:kemkeys] - PASS: '5570' authorized for '/keys'*
> *2019-02-25 09:21:47 - Secrets-[/keys] - DENIED: '(null)' requested key 'ca/caSigningCert cert-pki-ca'*
>
> -K
> _______________________________________________
> Pki-users mailing list
> Pki-users@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
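
An added example, not part of the original thread and not Custodia or Dogtag code: a small parser for the log format quoted above that pairs each key request with the auth/authz entries before it, so a DENIED key can be looked up by timestamp and client id in the Dogtag and httpd logs mentioned in the reply. It assumes the entries for one request are contiguous, as they are in the quoted snippet; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample in the format of the quoted log (two requests).
SAMPLE = """\
2019-02-09 16:17:34 - SimpleCredsAuth-[auth:simple] - PASS: '24826' authenticated as '48, 48'
2019-02-09 16:17:34 - SimpleHeaderAuth-[auth:header] - PASS: '24826' authenticated as '(null)'
2019-02-09 16:17:34 - IPAKEMKeys-[authz:kemkeys] - PASS: '24826' authorized for '/keys'
2019-02-09 16:17:34 - Secrets-[/keys] - ALLOWED: '(null)' requested key 'dm/DMHash'
2019-02-25 09:21:47 - SimpleCredsAuth-[auth:simple] - PASS: '5570' authenticated as '48, 48'
2019-02-25 09:21:47 - SimpleHeaderAuth-[auth:header] - PASS: '5570' authenticated as '(null)'
2019-02-25 09:21:47 - IPAKEMKeys-[authz:kemkeys] - PASS: '5570' authorized for '/keys'
2019-02-25 09:21:47 - Secrets-[/keys] - DENIED: '(null)' requested key 'ca/caSigningCert cert-pki-ca'
"""

# timestamp - Plugin-[stage] - VERDICT: 'subject' <verb phrase> 'object'
LINE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) - (?P<plugin>\w+)-\[(?P<stage>[^\]]+)\] - "
    r"(?P<verdict>[A-Z]+): '(?P<who>[^']*)' .+? '(?P<what>[^']*)'$"
)

def requests(text):
    """Group contiguous auth/authz entries with the store entry that ends them."""
    stages, client, out = [], None, []
    for raw in text.splitlines():
        m = LINE.match(raw.strip().strip("*"))  # tolerate e-mail emphasis marks
        if not m:
            continue  # blank or unrelated line
        if m["stage"].startswith(("auth:", "authz:")):
            stages.append((m["stage"], m["verdict"]))
            client = m["who"]  # only these entries carry the client id
        else:  # store entry such as [/keys]: closes the request
            out.append({"ts": m["ts"], "client": client, "key": m["what"],
                        "verdict": m["verdict"], "stages": stages})
            stages, client = [], None
    return out

def denied(text):
    """Key requests the store refused, each with its preceding stage verdicts."""
    return [r for r in requests(text) if r["verdict"] == "DENIED"]

if __name__ == "__main__":
    for r in denied(SAMPLE):
        print(r["ts"], "client", r["client"], "key", repr(r["key"]), r["stages"])
```

On the sample it reports the single denied request for 'ca/caSigningCert cert-pki-ca' with all three earlier stages at PASS, which matches what the quoted log shows: the refusal is logged by the Secrets-[/keys] entry, after authentication and authorization.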