Please cherry pick my changes to your code. This should be fixed before RHEL5.5 is released. +++ This bug was initially created as a clone of Bug #540544 +++ Description of problem: backend API call up2date.(un)subscribeChannels do not authenticate properly. It call method rhnChannel.__auth_user() which compare crypted password with uncrypted password, which always fail. Version-Release number of selected component (if applicable): sat530 How reproducible: always Steps to Reproduce: 1. PYTHONPATH=/usr/share/rhn python import rhnserver import up2dateAuth s = rhnserver.RhnServer() s.up2date.subscribeChannels(up2dateAuth.getSystemId(), 'foo', 'username', 'password') Actual results: Error Class Code: 2 Error Class Info: Invalid username and password combination. Expected results: correct username and password, and error about unknown channel. --- Additional comment from msuchy on 2009-11-24 07:43:43 EDT --- rhnUser.check_user_password check if password is correct but we want rather call auth_username_password, which return object rhnUser. There is no need for additional checks. And they even did not worked, becouse we usually have in db crypted password, but password given as param is not crypted! Commited to Spacewalk git as: 22bddd07e3ba11ee5b70f8e205ab04e729634f05 ee4f1d0d44bbf90a1396532c83b9b4a0da646c74 --- Additional comment from cperry on 2009-11-24 10:58:14 EDT --- Approved and moving to 531. We will need to collect this bug as part of an Errata. Server side fix being made in prep to support the proposed RFE to allow for the RHEL 5 client, with right username/password access to change child channels using the client, vs having to login to RHN or Satellite. Mirek will also clone to track for RHN fix. Cliff