[Pki-users] Invalid Credential / User not found

Ebbe Hansen ehansen at spyrus.com
Mon Apr 28 22:58:40 UTC 2008 

DogTag support,

By enabling the Linux LDAP authentication option, I was successful
eliminating the "Invalid Credential" error message when starting the
"DogTag" WEB Agent.

My question is now, how do I "enable" the LDAP authentication option when
executing the WEB Agent via a FireFox browser that executes on a windows-XP
perform?

I have found some Internet sites that mention a "LDAP plug-in" -- is such
module available for FireFox/windows so I can execute the "DogTag" WEB Agent
from windows??

Ebbe Hansen @ SPYRUS



"This message and any attached documents contain SPYRUS confidential and/or
proprietary information and may be subject to privilege or exempt from
disclosure under applicable law. These materials are intended only for the
use of the intended recipient. If you are not the intended recipient of this
electronic message, you are hereby notified that any use of this message is
strictly prohibited. Delivery of this message to any person other than the
intended recipient shall not constitute any waiver of any privilege. If you
have received this message in error, please delete this message from your
system and notify the sender immediately. Thank you."

-----Original Message-----
From: Jack Magne [mailto:jmagne at redhat.com] 
Sent: Friday, April 25, 2008 4:48 PM
To: Ebbe Hansen
Cc: pki-users at redhat.com
Subject: Re: [Pki-users] Invalid Credential / User not found

Ebbe:

You can leave your current directory instance. When you re-do the config 
wizard, you will just have to give unique names for the new directory 
trees it will have to create. Removing instances is a great idea for us 
to work on.

thanks,
jack

Ebbe Hansen wrote:
> Thanks for the advice -- so far I have created three CA instances using
> different names (pki-ca, pki-ca1, and pki-ca2) -- I will remove all
> three and start all over!
>
> With respect to directory server instance(s)  - should I also remove
> them?
>
> If yes -- what command(s) should I use?
>
> Ebbe
>
> "This message and any attached documents contain SPYRUS confidential
> and/or proprietary information and may be subject to privilege or exempt
> from disclosure under applicable law. These materials are intended only
> for the use of the intended recipient. If you are not the intended
> recipient of this electronic message, you are hereby notified that any
> use of this message is strictly prohibited. Delivery of this message to
> any person other than the intended recipient shall not constitute any
> waiver of any privilege. If you have received this message in error,
> please delete this message from your system and notify the sender
> immediately. Thank you."
>
> -----Original Message-----
> From: Jack Magne [mailto:jmagne at redhat.com] 
> Sent: Friday, April 25, 2008 4:20 PM
> To: Ebbe Hansen; pki-users at redhat.com
> Subject: Re: [Pki-users] Invalid Credential / User not found
>
> Ebbe:
>
> Thanks for trying out Dogtag. A few tips to help out below.
>
> During the wizard when you saw the message "This certificate can't be 
> verified and will not be imported. The certificate issuer might be 
> unknown or untrusted, the certificate might have expired or been 
> revoked, or the certificate might not have been approved.", you most 
> probably had your agent certificate imported OK. We have a bug for this 
> that we are working on. This message shows up despite an actual 
> successful import.
>
> The "preop.pin" you speak of is used in the case that one has not yet 
> completed the installation wizard.
>
> Here are few things you can try:
>
> 1. If you have already finished the wizard, you should be able to simply
>
> proceed to the agent interface URL without any pin, provided you have 
> successfully imported the Admin cert. Simply go to 
> "https://host.example.com:9443" and see if you can proceed using the 
> agent interface.
>
> 2. If the nasty error message from above scared you off of actually 
> finishing the configuration wizard, go back and do so. This is done with
>
> the URL that gets printed when the instance is installed. It looks 
> something like:
>
> http://host.example.com:9080/ca/admin/console/config/login?<preop.pin>
>
> 3. If everything is too confused, you can start the process over by 
> using our "pkiremove" tool which removes an existing instance. Try 
> something like, as root:
>
> pkiremove -pki_instance_root=/var/lib -pki_instance_name=pki-ca
>
> The "pki-ca" at the end is the name of the instance you are trying to 
> remove. The very first instance that is installed when you install the 
> RPM is in fact "pki-ca".
>
>  From here you can try again by doing the following as root:
>
> rpm -ev pki-ca
> yum install pki-ca
>
> This will reinstall your RPM for the CA and create a brand new instance.
>
> Note: Make sure you have used "pkiremove" to remove all instances you 
> may have created before trying this.
>
> 4. If the above is too confusing, we can hash it out on the "#dogtag-pi"
>
> IRC channel.
>
> thanks,
> jack
>
>
> Ebbe Hansen wrote:
>   
>> After using the DogTag WEB Agent client once (based upon "preop.pin" 
>> value) the WEB Agent fail to continue to operate with error message= 
>> "Invalid Credential" .
>>
>> The "/var/lib/<instance>/logs/system" file reports an "User not found"
>>     
>
>   
>> error.
>>
>> NOTE: During the CA configuration setup the following Alert is 
>> displayed when the administrator certificate is installed:
>>
>> "This certificate can't be verified and will not be imported. The 
>> certificate issuer might be unknown or untrusted, the certificate 
>> might have expired or been revoked, or the certificate might not have 
>> been approved."
>>
>> Suggestions on what to try next will be appreciated?
>>
>> Ebbe Hansen @ SPYRUS
>>
>> "This message and any attached documents contain SPYRUS confidential 
>> and/or proprietary information and may be subject to privilege or 
>> exempt from disclosure under applicable law. These materials are 
>> intended only for the use of the intended recipient. If you are not 
>> the intended recipient of this electronic message, you are hereby 
>> notified that any use of this message is strictly prohibited. Delivery
>>     
>
>   
>> of this message to any person other than the intended recipient shall 
>> not constitute any waiver of any privilege. If you have received this 
>> message in error, please delete this message from your system and 
>> notify the sender immediately. Thank you."
>>
>>
>>     
> ------------------------------------------------------------------------
>   
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>>   
>>     
>
>   
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3916 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20080428/8957e7dc/attachment.bin>

More information about the Pki-users mailing list