Light

Error enabling plugin auth: Error making API request (plugin exited before we could connect) about vault-plugin-auth-kerberos HOT 6 CLOSED

wintoncode commented on July 23, 2024

Error enabling plugin auth: Error making API request (plugin exited before we could connect)

from vault-plugin-auth-kerberos.

Comments (6)

kristian-lesko commented on July 23, 2024

Hello,

try putting the -client-key argument name before the /etc/vault_pki/consul.key value in the vault write command.

from vault-plugin-auth-kerberos.

pault28 commented on July 23, 2024

@kristian-lesko Thanks for the reply. I have corrected that typo but the error persist:

vault auth enable -plugin-name=kerberos-auth-plugin plugin

vault read sys/plugins/catalog/kerberos-auth-plugin                                              Key        Value
---        -----
args       [-ca-cert /etc/vault_pki/consul.pem -client-cert /etc/vault_pki/consul.crt -client-key /etc/vault_pki/consul.key -tls-skip-verify]
builtin    false
command    vault-plugin-auth-kerberos
name       kerberos-auth-plugin
sha256     066a8f39099d2a0efe50cedd5b254d60466e8dfa6323d74ee0ef7cc9926ed4c4

from vault-plugin-auth-kerberos.

ah- commented on July 23, 2024

Can you get some more logs?

I'd try just running the plugin manually with your arguments:
vault-plugin-auth-kerberos -ca-cert /etc/vault_pki/consul.pem -client-cert /etc/vault_pki/consul.crt -client-key /etc/vault_pki/consul.key -tls-skip-verify
and then run vault with debug logging:
vault server -config=vault.hcl -log-level=debug

from vault-plugin-auth-kerberos.

pault28 commented on July 23, 2024

Thanks once again. I got a bit more logs:

Apr 18 13:49:45 BL-SVR-TST201 vault[25899]: 2018/04/18 13:49:45.643288 [DEBUG] plugin.metadata: starting plugin: path=/etc/vault                                                                                                             _plugins/vault-plugin-auth-kerberos args=[/etc/vault_plugins/vault-plugin-auth-kerberos -ca-cert /etc/vault_pki/consul.pem -clie                                                                                                             nt-cert /etc/vault_pki/consul.crt -client-key /etc/vault_pki/consul.key -tls-skip-verify]
Apr 18 13:49:45 BL-SVR-TST201 vault[25899]: 2018/04/18 13:49:45.643909 [DEBUG] plugin.metadata: waiting for RPC address: path=/e                                                                                                             tc/vault_plugins/vault-plugin-auth-kerberos
Apr 18 13:49:45 BL-SVR-TST201 vault[25899]: 2018/04/18 13:49:45.647203 [DEBUG] plugin.metadata.vault-plugin-auth-kerberos: 2018/                                                                                                             04/18 13:49:45 cannot allocate memory
Apr 18 13:49:45 BL-SVR-TST201 vault[25899]: 2018/04/18 13:49:45.647744 [DEBUG] plugin.metadata: plugin process exited: path=/etc                                                                                                             /vault_plugins/vault-plugin-auth-kerberos
Apr 18 13:49:45 BL-SVR-TST201 vault[25899]: 2018/04/18 13:49:45.647794 [ERROR] sys: enable auth mount failed: path=kerberos/ err                                                                                                             or=plugin exited before we could connect

from vault-plugin-auth-kerberos.

pault28 commented on July 23, 2024

Thanks @kristian-lesko @ah- this works now. Turned out I needed to ensure mlock has infinity:
LimitMEMLOCK=infinity is all I added to to the systemd config for vault and was then able to enable it.
All good here...closing.

vault auth list
Path         Type      Description
----         ----      -----------
kerberos/    plugin    n/a
ldap/        ldap      n/a
token/       token     token based credentials

PS: ulimit -l was quite low.

 ulimit -l
64

from vault-plugin-auth-kerberos.

ah- commented on July 23, 2024

Great, thanks for reporting back!

from vault-plugin-auth-kerberos.

Related Issues (10)

Decrypting_Error: Service key not available HOT 20
Authentication fails when KVNO is not 1 HOT 4
Mapping Users to Groups HOT 6
I suggest supporting request headers HOT 3
PLUGIN_MIN_PORT and PLUGIN_MAX_PORT
Kerberos Login HOT 6
policies not being assigned to authenticated kerberos user HOT 5
Basic C# .NET Client code example for this? HOT 10
ClientClaimsInfo error when authenticating with winkerberos HOT 8

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.