I want to build a small evaluation OnDemand server with PAM authentication for a local user and possibly one in Kerberos. I installed the latest OnDemand on Centos7 and went through the install document, especially https://osc.github.io/ood-documentation/master/authentication/pam.html
- all services started with no problem. I added this to /etc/ood/config/ood_portal.yml:
auth:
- 'AuthType Basic'
- 'AuthName "Open OnDemand"'
- 'AuthBasicProvider PAM'
- 'AuthPAMService ood'
- 'Require valid-user'
# Capture system user name from authenticated user name
user_map_cmd: "/opt/ood/ood_auth_map/bin/ood_auth_map.regex"
I did a useradd ood and this works fine:
# /opt/ood/ood_auth_map/bin/ood_auth_map.regex ood
ood
I regenerated the apache config and restarted, but I get an error when I try to log into the web page. The login popup comes up and won’t let me log in. in httpd24/error.log I get:
[Wed Feb 10 02:56:07.335347 2021] [authnz_pam:warn] [pid 23546] [client 10.2.3.29:26304] PAM authentication failed for user ood: System error
[Wed Feb 10 02:56:07.337242 2021] [auth_basic:error] [pid 23546] [client 10.2.3.29:26304] AH01617: user ood: authentication failure for "/pun/sys/dashboard": Password Mismatch
This does the same thing for a shell local user on the VM that can authenticate with Kerberos. Please note, my ‘ood’ user and my Kerberos user can SSH in to the VM with PAM no problem by supplying the password.
I don’t see any more errors in the apache logs, what’s the best way to troubleshoot? Thanks