[ckan-dev] ckanext-security in CKAN 2.7.2 - SOLVED

lucia.espona at wsl.ch lucia.espona at wsl.ch
Wed Oct 11 08:33:18 UTC 2017 

 Thanks a lot Cam

We would like to make our CKAN instance more secure but there is no specific security requirement we need right now. 
Therefore to get them integrated in the core would be ideal, I am taking a look at it.

I hope your twins are doing well :)

Best,
Lucia


_________________________________________________________
Dr. Lucia Espona Pernas

Swiss Federal Institute for Forest, Snow and Landscape Research WSL
Hauptgebäaude Labortrakt (HL C21)
Zürcherstrasse 111
8903 Birmensdorf
Switzerland

+41 44 739 28 71 phone direct
+41 44 739 21 11 reception

www.wsl.ch

-----"ckan-dev" <ckan-dev-bounces at lists.okfn.org> wrote: -----
To: CKAN Development Discussions <ckan-dev at lists.okfn.org>
From: Cam Findlay 
Sent by: "ckan-dev" 
Date: 10.10.2017 23:29
Subject: Re: [ckan-dev] ckanext-security in CKAN 2.7.2

Might be worth mentioning that some features in this extension were rolled directly into 2.7.x release and so this module as it stand might only be valid for 2.6.x CKAN installs (however perhaps some pull requests to make it 2.7.x compatible might make sense dropping out those features now natively in 2.7.x core?). May have to look in the issues on github for that extension to find the parts that have been added to core.

Cheers,

Cam.


On 10 October 2017 at 23:26,  <lucia.espona at wsl.ch> wrote:
 Hi Karen

I had different values for the properties you mention so I set them now to:

[...]
beaker.session.url = 127.0.0.1:11211
beaker.session.cookie_domain = 127.0.0.1
[...]
ckan.site_url = http://127.0.0.1:5000
[...]
ckanext.security.memcached = 127.0.0.1:11211  
ckanext.security.domain = 127.0.0.1
[...]

..but the problem persists and I cannot log in.

I don't get any exception or error in the logs, furthermore the ckan.lib.authenticator.UsernamePasswordAuthenticator.authenticate() method succeeds. If I write a wrong password I can see the error in the logs from this method so the authentication should actually be ok but I cannotlogin.

Thanks a lot anyway for your advice.

Best,
Lucia

_________________________________________________________
Dr. Lucia Espona Pernas

Swiss Federal Institute for Forest, Snow and Landscape Research WSL
Hauptgebäaude Labortrakt (HL C21)
Zürcherstrasse 111
8903 Birmensdorf
Switzerland

+41 44 739 28 71 phone direct
+41 44 739 21 11 reception

www.wsl.ch

-----"ckan-dev" <ckan-dev-bounces at lists.okfn.org> wrote: -----
To: CKAN Development Discussions <ckan-dev at lists.okfn.org>
From: Karen Turner 
Sent by: "ckan-dev" 
Date: 10.10.2017 11:59
Subject: Re: [ckan-dev] ckanext-security in CKAN 2.7.2


Hi

On 10/10/2017, at 9:33 PM, lucia.espona at wsl.ch wrote:
 Dear all

I am testing ckanext-security (https://github.com/data-govt-nz/ckanext-security) with my local CKAN 2.7.2 development instance.

I haven’t tested with CKAN 2.7 but with CKAN 2.6 I did come across this error when my
ckan.site_url and beaker.session.cookie_domain did not match.

In my case I had set one to be an ip address and the other to be the host name. So pages would display ok but it would fail the login.

Second and more critical, even if I "bypass" the previous error, I cannot log in with any user. Password reset seems to work fine but I get always the "Login failed. Bad username or password" error. I am trying to troubleshoot this but there is no failure message, I pasted below a piece of the log output. The only hint I see is the "INFO  [repoze.who] no identities found, not authenticating". 

If anyone has an idea of what's going on I would be grateful for any advice.

Best,
Lucia


----
Karen Turner
Catalyst IT
w: http://catalyst.net.nz
p: +64 4  803 2375

 
_______________________________________________
ckan-dev mailing list
ckan-dev at lists.okfn.org
https://lists.okfn.org/mailman/listinfo/ckan-dev
Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev

_______________________________________________
 ckan-dev mailing list
 ckan-dev at lists.okfn.org
 https://lists.okfn.org/mailman/listinfo/ckan-dev
 Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
 

 
_______________________________________________
ckan-dev mailing list
ckan-dev at lists.okfn.org
https://lists.okfn.org/mailman/listinfo/ckan-dev
Unsubscribe: https://lists.okfn.org/mailman/options/ckan-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.okfn.org/pipermail/ckan-dev/attachments/20171011/9cb91667/attachment-0003.html>

More information about the ckan-dev mailing list