Bug 720019

Summary: Expired user certificates
Product: Red Hat Update Infrastructure for Cloud Providers Reporter: Jay Dobies <jason.dobies>
Component: DocumentationAssignee: Lana Brindley <lbrindle>
Status: CLOSED CURRENTRELEASE QA Contact: wes hayutin <whayutin>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 2.0CC: jskeoch, kbidarka, mhideo, sghai, tsanders
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-07-29 04:54:16 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Jay Dobies 2011-07-08 17:58:24 UTC
I'm not sure where to put this, or for that matter even if it needs to be there. So I'll explain what it is that's going on and you can figure out the details :)

When a user logs into RHUI, it stores a certificate in ~/.rhui/<server name> that is used as authentication for all communications with the RHUA. These certificates are valid for 1 week.

After that week, all communications with the RHUA will throw an error until a new certificate is obtained. This boils down to two possibilities:

- The user attempts to launch RHUI Manager with an existing certificate that has expired. In that case, RHUI Manager will delete the expired certificate and prompt the user to log in again (* are not part of the output, just to delimit what is from the UI):

*****
Existing certificate for server atlantis was found but has expired.

Previous authentication credentials could not be found. Logging into
the RHUI.

If this is the first time using the RHUI, it is recommended to change
the user's password in the User Management section of RHUI Tools.

RHUI Username: admin
RHUI Password: 
*****

- The user is already running RHUI Manager when the certificate expires. The user won't actually know it's expired until he attempts to do something against the server, such as list repositories or CDS instances. In that case, we inform the user what happened and log them out, deleting the certificate. This also exits the RHUI Manager. The next time RHUI Manager is started, it will detect that there is no user certificate and will prompt the user to log in again:

*****
------------------------------------------------------------------------------
rhui (repo) => l

The current user's certificate has expired. Restart RHUI Manager
to log in again and retrieve a new certificate.

[user returned to prompt]
*****

Comment 1 Lana Brindley 2011-07-18 03:04:16 UTC
Does this cover it?

<listitem>
	<para>
		RHUI Manager will store authentication credentials for one week. Once authentication details have expired, all communications will fail until they have been refreshed. If you are using &RHUI; when the credentials expire, you will be prompted to renew them the next time they are required for an operation. Otherwise, you will be asked to log in again next time you start RHUI Manager.
	</para>
</listitem>

Revision 1-19

LKB

Comment 2 John Skeoch 2011-07-20 01:58:07 UTC
Jay, can you confirm you are satisfied with the text in Comment#1. 
If so I can Verify.

Comment 3 Jay Dobies 2011-07-25 12:25:19 UTC
Looks good to me, thanks.

Comment 7 Lana Brindley 2011-07-29 04:54:16 UTC
This book is now available at http://docs.redhat.com/docs/en-US/Red_Hat_Update_Infrastructure/2.0/html/Installation_Guide/index.html

Please raise a new bug for any further changes.

LKB