[Pki-users] DogTag ca denied (inside IPA)

Marc Sauton msauton at redhat.com
Mon Feb 25 22:06:10 UTC 2019


This is from IPA custodia.
Are there any Dogtag related logs to those events in
/var/log/pki/pki-tomcatd/*/debug or /var/log/httpd/* ?
Maybe the CA signing key access requires more privilege.
Thanks,
M.

On Mon, Feb 25, 2019 at 6:34 AM Kat <uncommonkat at gmail.com> wrote:

> Hi all - new to list. I can't find the answer on the IPA mailing list and
> I really think this is directly related to DogTag anyway.
>
> Trying to debug a key being denied. Here is a little snippet of log. Where
> can I find WHY it is getting denied - or is there some additional debug I
> can turn on to find it? See the last one? This is driving me crazy - if
> anyone can point me to debug settings or anything to help me diagnose?
>
> 2019-02-09 16:12:56 - SimpleCredsAuth-[auth:simple]    - PASS: '30015'
> authenticated as '48, 48'
> 2019-02-09 16:12:56 - SimpleHeaderAuth-[auth:header]   - PASS: '30015'
> authenticated as '(null)'
> 2019-02-09 16:12:56 - IPAKEMKeys-[authz:kemkeys]       - PASS: '30015'
> authorized for '/keys'
> 2019-02-09 16:12:57 - Secrets-[/keys]                  - ALLOWED: '(null)'
> requested key 'ca/subsystemCert cert-pki-ca'
> 2019-02-09 16:14:53 - SimpleCredsAuth-[auth:simple]    - PASS: '30015'
> authenticated as '48, 48'
> 2019-02-09 16:14:53 - SimpleHeaderAuth-[auth:header]   - PASS: '30015'
> authenticated as '(null)'
> 2019-02-09 16:14:53 - IPAKEMKeys-[authz:kemkeys]       - PASS: '30015'
> authorized for '/keys'
> 2019-02-09 16:14:53 - Secrets-[/keys]                  - ALLOWED: '(null)'
> requested key 'ra/ipaCert'
> 2019-02-09 16:17:34 - SimpleCredsAuth-[auth:simple]    - PASS: '24826'
> authenticated as '48, 48'
> 2019-02-09 16:17:34 - SimpleHeaderAuth-[auth:header]   - PASS: '24826'
> authenticated as '(null)'
> 2019-02-09 16:17:34 - IPAKEMKeys-[authz:kemkeys]       - PASS: '24826'
> authorized for '/keys'
> 2019-02-09 16:17:34 - Secrets-[/keys]                  - ALLOWED: '(null)'
> requested key 'dm/DMHash'
> *2019-02-25 09:21:47 - SimpleCredsAuth-[auth:simple]    - PASS: '5570'
> authenticated as '48, 48'*
> *2019-02-25 09:21:47 - SimpleHeaderAuth-[auth:header]   - PASS: '5570'
> authenticated as '(null)'*
> *2019-02-25 09:21:47 - IPAKEMKeys-[authz:kemkeys]       - PASS: '5570'
> authorized for '/keys'*
> *2019-02-25 09:21:47 - Secrets-[/keys]                  - DENIED: '(null)'
> requested key 'ca/caSigningCert cert-pki-ca'*
>
> -K
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
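
An added example, not part of either message and not Custodia or Dogtag code: a small parser for the audit log format quoted above that rejoins mail-wrapped records and, for each DENIED key request, lists the keys the same credentials were ALLOWED, which helps tell whether a denial follows the caller or the key. The function names and the `client`, `peer` and `also_allowed` labels are this example's own, and reading the first quoted field as the client and the second as its credentials is an assumption.

```python
import re

# Constructed sample: records in the format quoted in the thread, some still mail-wrapped and quoted.
SAMPLE = """\
2019-02-09 16:14:53 - SimpleCredsAuth-[auth:simple]    - PASS: '30015' authenticated as '48, 48'
2019-02-09 16:14:53 - Secrets-[/keys]                  - ALLOWED: '(null)' requested key 'ra/ipaCert'
> *2019-02-25 09:21:47 - SimpleCredsAuth-[auth:simple]    - PASS: '5570'
> authenticated as '48, 48'*
> *2019-02-25 09:21:47 - Secrets-[/keys]                  - DENIED: '(null)'
> requested key 'ca/caSigningCert cert-pki-ca'*
"""

START = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d - ")
RECORD = re.compile(r"^(?P<ts>\S+ \S+) - (?P<plugin>\w+)-\[(?P<section>[^\]]+)\]\s+- "
                    r"(?P<result>[A-Z]+): '(?P<who>[^']*)' (?P<msg>.*)$")

def unwrap(text):
    """Rejoin wrapped records; drop '>' quoting and '*' emphasis marks."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").strip("* \t")
        if START.match(line):
            records.append(line)
        elif line and records:
            records[-1] += " " + line
    return records

def decisions(text):
    """One dict per Secrets decision, tagged with the auth:simple record that preceded it."""
    out, ctx = [], {}
    for rec in unwrap(text):
        m = RECORD.match(rec)
        if not m:
            continue
        value = (re.findall(r"'([^']*)'", m["msg"]) or [None])[0]
        if m["plugin"] == "Secrets":
            out.append({"ts": m["ts"], "result": m["result"], "key": value, **ctx})
            ctx = {}
        elif m["section"] == "auth:simple":
            # Assumption: the first quoted field identifies the client, the second its credentials.
            ctx = {"client": m["who"], "peer": value}
    return out

def denied_report(text):
    """For each DENIED key, list the keys the same peer credentials were ALLOWED."""
    decs = decisions(text)
    return [dict(d, also_allowed=[a["key"] for a in decs
                                  if a["result"] == "ALLOWED" and a.get("peer") == d.get("peer")])
            for d in decs if d["result"] == "DENIED"]
```

The report only restates what the audit log records; the reason for a denial still has to come from the Dogtag and httpd logs named in the reply.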