Hi Elvira,
On Tue, May 26, 2009 at 09:32:33AM +0400, Chudnovskaya Elvira wrote:
> Attach a small block of stderr.log
> I just made all that operations I talked about (list my certificates)
Here is the interesting part:
2009-05-26 09:19:28.299382 DEBUG:1 PID:88210
OpenXPKI::Service::Default::__handle_COMMAND (line 585): Permission denied for
Service::list_my_certificates.
2009-05-26 09:19:28.301397 DEBUG:16 PID:88210
OpenXPKI::Exception::__fake_stacktrace_new (line 128): fake_stacktrace_new
called
2009-05-26 09:19:28.303930 DEBUG:128 PID:88210 OpenXPKI::Service::__get_error
(line 133): $VAR1 = {
'EXCEPTION' => bless( {
'egid' => '777 777',
'euid' => '777',
'gid' => '777 777',
'message' =>
'I18N_OPENXPKI_SERVICE_DEFAULT_COMMAND_PERMISSION_DENIED',
'params' => {
'EXCEPTION' => bless( {
'egid' =>
'777 777',
'euid' =>
'777',
'gid' => '777
777',
'message' =>
'I18N_OPENXPKI_SERVER_ACL_AUTHORIZE_ILLEGAL_AUTH_ROLE',
'params' => {
'ACTIVITY' => 'Service::list_my_certificates',
'AFFECTED_ROLE' => '',
'AUTH_ROLE' => 'rcb3Cmlp',
'PKI_REALM' => 'CYBORG'
},
'pid' =>
88210,
'time' =>
1243315168,
'trace' =>
bless( {}, 'Devel::StackTrace' ),
'uid' => '777'
},
'OpenXPKI::Exception' )
},
'pid' => 88210,
'time' => 1243315168,
'trace' => bless( {}, 'Devel::StackTrace' ),
'uid' => '777'
}, 'OpenXPKI::Exception' )
};
It looks like you are logged in with a role of 'rcb3Cmlp' - which
is a role that is not listed in your acl.xml. I assume you logged
in with External Dynamic and your real password instead of a role
such as "User" or "RA Operator" (happens to me all the time, too ;-) ...
On a production system you would cut down the authentication stacks
that are available, so I don't really consider this a bug, as "External
Dynamic" is only for testing and development anyways.
Cheers,
Alex
--
Dipl.-Math. Alexander Klink | IT-Security Engineer
[email protected] | working @ urn:oid:1.3.6.1.4.1.11417
------------------------------------------------------------------------------
Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT
is a gathering of tech-side developers & brand creativity professionals. Meet
the minds behind Google Creative Lab, Visual Complexity, Processing, &
iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian
Group, R/GA, & Big Spaceship. http://www.creativitycat.com
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
