[Pki-users] DogTag ca denied (inside IPA)

Kat uncommonkat at gmail.com
Mon Feb 25 14:33:33 UTC 2019 

Hi all - new to list. I can't find the answer on the IPA mailing list 
and I really thing this is directly related to DogTag anyway.

Trying to debug a key being denied. Here is a little snippet of log. 
Where can I find WHY it is getting denied - or is there some additional 
debug I can turn on to find it? See the last one? This is driving me 
crazy - if anyone can point me to debug settings or anything to help me 
diagnose?

2019-02-09 16:12:56 - SimpleCredsAuth-[auth:simple]    - PASS: '30015' 
authenticated as '48, 48'
2019-02-09 16:12:56 - SimpleHeaderAuth-[auth:header]   - PASS: '30015' 
authenticated as '(null)'
2019-02-09 16:12:56 - IPAKEMKeys-[authz:kemkeys]       - PASS: '30015' 
authorized for '/keys'
2019-02-09 16:12:57 - Secrets-[/keys]                  - ALLOWED: 
'(null)' requested key 'ca/subsystemCert cert-pki-ca'
2019-02-09 16:14:53 - SimpleCredsAuth-[auth:simple]    - PASS: '30015' 
authenticated as '48, 48'
2019-02-09 16:14:53 - SimpleHeaderAuth-[auth:header]   - PASS: '30015' 
authenticated as '(null)'
2019-02-09 16:14:53 - IPAKEMKeys-[authz:kemkeys]       - PASS: '30015' 
authorized for '/keys'
2019-02-09 16:14:53 - Secrets-[/keys]                  - ALLOWED: 
'(null)' requested key 'ra/ipaCert'
2019-02-09 16:17:34 - SimpleCredsAuth-[auth:simple]    - PASS: '24826' 
authenticated as '48, 48'
2019-02-09 16:17:34 - SimpleHeaderAuth-[auth:header]   - PASS: '24826' 
authenticated as '(null)'
2019-02-09 16:17:34 - IPAKEMKeys-[authz:kemkeys]       - PASS: '24826' 
authorized for '/keys'
2019-02-09 16:17:34 - Secrets-[/keys]                  - ALLOWED: 
'(null)' requested key 'dm/DMHash'
*2019-02-25 09:21:47 - SimpleCredsAuth-[auth:simple]    - PASS: '5570' 
authenticated as '48, 48'**
**2019-02-25 09:21:47 - SimpleHeaderAuth-[auth:header]   - PASS: '5570' 
authenticated as '(null)'**
**2019-02-25 09:21:47 - IPAKEMKeys-[authz:kemkeys]       - PASS: '5570' 
authorized for '/keys'**
**2019-02-25 09:21:47 - Secrets-[/keys]                  - DENIED: 
'(null)' requested key 'ca/caSigningCert cert-pki-ca'*

-K

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190225/74cdf034/attachment.htm>

More information about the Pki-users mailing list