1 Reply Latest reply on Jan 4, 2011 4:52 AM by R V

    client authentication with certificate fails

    R V

      hi all,


      I am in BL8.0 SP6, environment is Linux 32bit and I try to setup authentication between appserver and agent using a certificate.


      I did all three steps mentioned in the administration guide (generating the certificate, adding the passphrase to the appserver's securecert-file and adding the SHA1-fingerprint to the agents certs/bladmin-file). To allow the root-users to connect from the appserver to the agent I added "root   rw,map=root" to the users.local-file of the agent.


      When I now try to invoke some command like "nexec -i -l blrscd80 /bin/bash" I get


      - in the agent's rscd.log:

      01/04/11 08:13:40.655 WARN     rscd - 5843 0/0 (root): nexec: Certificate check failed


      - on the appservers's commandline:

      Not authorized to run this command


      Added info: when I invoke "agentinfo blrscd80" I get:


        Agent Release   :

        Hostname        : blrscd80

        Operating System: Linux 2.6.18-164.el5

        User Permissions: 0/0 (root/root)

        Security        : Protocol=5, Encryption=TLS1 with X.509 Certificates

        Host ID         : A8C0CBBB

        # of Processors : 1

        License Status  : Licensed for NSH/CM - Expires Tue May 17 23:06:36 2011


      This seems to be ok.


      Does anyone have an idea what caused this error?





      Nachricht geändert durch Reinhard Vielhaber -  added "agentinfo"-output

        • 1. client authentication with certificate fails
          R V

          The solution was very simple. The documentation describes the way to allow client-connections for the "bladmin"-user. But I invoked the "nexec"-command as "root"...


          After creating a certificate for "root" and changing "bladmin" to "root" in the secadmin- and putcert-commands, I was able to connect in a secure manner.