Hide Forgot
Description of problem: I'm trying to bump the .conf version number and ricci prompts me continuously for auth passwords. It never stops (even though I continue to enter the correct vaild password) which is super annoying. The only error can only be found in messages: Mar 4 14:21:37 hayes-01 saslauthd[1947]: do_auth : auth failure: [user=ricci] [service=ricci] [realm=] [mech=pam] [reason=PAM auth error] Mar 4 14:21:42 hayes-01 saslauthd[1948]: do_auth : auth failure: [user=ricci] [service=ricci] [realm=] [mech=pam] [reason=PAM auth error] [root@hayes-01 ~]# cman_tool version -r You have not authenticated to the ricci daemon on hayes-01 Enter the ricci password for hayes-01: You have not authenticated to the ricci daemon on hayes-03 Enter the ricci password for hayes-03: You have not authenticated to the ricci daemon on hayes-02 Enter the ricci password for hayes-02: You have not authenticated to the ricci daemon on hayes-01 Enter the ricci password for hayes-01: You have not authenticated to the ricci daemon on hayes-03 Enter the ricci password for hayes-03: You have not authenticated to the ricci daemon on hayes-02 Enter the ricci password for hayes-02: You have not authenticated to the ricci daemon on hayes-03 Enter the ricci password for hayes-03: [THIS GOES ON FOREVER] A ^C doesn't even help. If the cmd fails, then exit already. Version-Release number of selected component (if applicable): ricci-0.16.2-28.el6.x86_64 cman-3.0.12-34.el6.x86_64
The above "Enter the ricci password" endless loop should be replaced with a single message stating "hey dummy, run passwd ricci".
If the password entered isn't correct, cman_tool should immediately fail (with a message to that effect). It shouldn't continue to request a password. devel_acking this.
Due to the way ccs_sync was written a rewrite of major parts of the code would be necessary to completely fix the broken behavior. However, now when you type Control-C, it will actually interrupt the program and get you out. Also, if you enter an incorrect password for a node, ccs_sync may ask your for passwords for other nodes, but it will not ask for the password for a node more than once. How to test: On all ricci nodes: rm -f /var/lib/ricci/certs/clients/client_cert_* service ricci restart On node running ccs_sync: [root@ask-03 ~]# ccs_sync You have not authenticated to the ricci daemon on ask-03 Password: <enter bad password here> Incorrect ricci password for ask-03 [root@ask-03 ~]# With old ccs_sync it would continually ask for the nodes password instead of failing
This now exits after receiving an invalid password, as well as when receiving a ^C. I'd still like to see it exit right away with a "run 'passwd ricci'" message when it knows that authenticated hasn't even taken place yet. I'll file another RFE for that and mark this one verified. [root@taft-01 ~]# cman_tool version -r You have not authenticated to the ricci daemon on taft-01 Password: You have not authenticated to the ricci daemon on taft-04 Password: You have not authenticated to the ricci daemon on taft-03 Password: You have not authenticated to the ricci daemon on taft-02 Password: Incorrect ricci password for taft-01 cman_tool: ccs_sync failed. If you have distributed the config file yourself, try re-running with -S [root@taft-01 ~]# cman_tool version -r You have not authenticated to the ricci daemon on taft-03 Password: You have not authenticated to the ricci daemon on taft-04 Password: ^C cman_tool: ccs_sync failed. If you have distributed the config file yourself, try re-running with -S
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2011-0749.html