cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

ESP 5.1 esp_cluster_admin username / password

Go to solution
Former Member

on ‎10-02-2012 9:27 AM

0 Kudos

Hello again

We have just installed ESP 5.1 and set up the server node. Now we have some trouble connecting to our server via esp_cluster_admin executable. It keeps asking for a username and password. We have set two passwords during installation for SCC but I do not know of any possibility to set a username.

In 5.0 we used the possibility to set the password prompt field in the node configuration xml file to "false" and therefore we didnt need a password there.

Where can i configure/set the username and passeword that is needed in this prompt?

Best regards,

Dave

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

Former Member
‎10-02-2012 2:45 PM
0 Kudos

Hi Dave,

ESP 5.0 offered a type of authentication called "none" but this was found to be a security violation.  So ESP 5.1 requires some type of authentication.

In ESP 5.1 there are 6 types of authentication available:

1) RSA

2) LDAP

3) Kerberos

4) Studio local authentication

* When you run a product against Studio's "localnode.xml", it prompts you for a password.  It remembers this password for the duration of the session.  When you shut Studio down, it forgets the password.  See $ESP_HOME/studio/clustercfg/localnode.xml

5) Pre-Configured user authentication.  I think this type of authentication may be the best choice for setting up demonstrations so that there are no surprises that might be caused by customer specific setups of the other types of authentication (LDAP, Kerberos, Native Operating System, etc.).  For an example of this type, please see $ESP_HOME/cluster/examples/node1.xml

6) Native Operating System authentication.  If you choose a "Typical" installation, I believe this is the type of security that is defined in $ESP_HOME/cluster/nodes/node1/node1.xml.  There are some post-installation steps that must be completed for this one to work:

http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01611.0510/doc/html/cgo1341860285390...

(pay close attention that the format of the sybase-csi file varies based on the version of RedHat or SUSE).

Finally, if your ESP 5.0 C or Java program was using an authentication type of ESP_CREDENTIALS_NONE, it will not compile.  You need to change it to one of the following and recompile:

ESP_CREDENTIALS_USER_PASSWORD - This is applicable for standalone projects configured with PAM authentication, or clusters configured with user, ldap or kerberos authentication (numbers 2, 4, 5 or 6 from above).

ESP_CREDENTIALS_SERVER_RSA - Authentication using digest and signature verification.

ESP_CREDENTIALS_PROJECT_RSA - Legacy authentication mechanism.

ESP_CREDENTIALS_KERBEROS - Authentication using Kerberos ticket.

Hope this helps!

Thanks,

  Neal

Show replies
Show replies
Former Member
‎10-08-2012 4:40 PM
0 Kudos

Hi Neal,

thanks a lot for the explanations. However we still struggle to get this setup running. We tried this 5th option with specific setup. When I start ESP server with the cluster node in the examples folder I cannot connect using the following executable:

./esp_cluster_admin --uri=esp://localhost:19011 --auth=user-password --username=sybase --password=sybase

In the users.xml that the node1.xml in examples points to the setting says username = sybase and password = sybase

What am I missing/doing wrong?

Best regards,

Dave

Former Member
‎10-08-2012 4:52 PM
0 Kudos

Hi Dave,

I'm not sure what the "users.xml" does in the example node1.xml.  I logged a bug requesting an explanation but it has not been addressed yet.  I did test starting up a cluster with "users.xml" commented out and I was able to authenticate so that piece is not the critical one.

The important one is the "csi.xml" file which just points to "csi_local.xml".  You need this one to use the username "sybase" and password "sybase".

If you are unable to authenticate with "csi_local.xml" can you email me all of the files involved?

Also double check if there is an "http_proxy" environment variable defined.  You will need to undefine it prior to running ESP Server and Studio.

Thanks,

  Neal

Former Member
‎10-08-2012 5:11 PM
0 Kudos

Hi Neal,

http_proxy is set, but we kind of need this environment variable because our adapter reads data from the internet. Is there a way to use this authentication method with the proxy being set?

Former Member
‎10-08-2012 5:25 PM
0 Kudos

Hello,

Sorry to mix you up.  I don't think the http_proxy environment variable will pose a problem for authentication.  I just helped an SAP consultant and we found that it causes three problems:

1) It can cause Studio to take a long time connecting to the ESP server.  You might see in Studio a <connecting...> message for a very long time.

2) It can cause Studio to report a compilation error when there really isn't one.

3) It can prevent projects from starting:

esp_cluster_admin --uri=esp://archer:51011 --username=nstack

Password:

> start project default/sdkexample

[error] server returned : [FAILURE:Application wait for status is started, but application current status is not started]

If you need http_proxy defined, you might be able to workaround the issue by setting:

no_proxy="localhost, 127.0.0.1, archer.sybase.com"

In this example "archer.sybase.com" is the name of the machine that ESP server is running on.

Thanks,

  Neal

Former Member
‎10-08-2012 5:34 PM
0 Kudos

Hm,

this is interesting but not solving our problem.

Even unsetting http_proxy did not help to overcome the authentication problem.

Here is our setup in total:

./esp_server --cluster-node /opt/esp/ESP-5_1/cluster/examples/node1.xml

this start the example node as the server.

Then:

./esp_cluster_admin --uri=esp://localhost:19011 --auth=user-password --username=sybase --password=sybase

Results in the error message:

"Authentication failure: invalid login credentials"

http_proxy is unset.

All the files are unchanged after the installation, so we should be using the example setup. Any clue what part I am missing?

Former Member
‎10-08-2012 5:41 PM
0 Kudos

Hello,

Does it work without the "--auth=user-password" part?  I have never used that before.

Is it possible that there is another ESP server instance already running on port 19011?  If you start a new ESP server and there is something already using the port, ESP will start with no errors but of course, it can't be listening to a port that is already in use.

This is getting to be a bit more involved than a typical newsgroup posting.  Can you open a technical support case with Sybase?  You can share your desktop?

Thanks,

  Neal

Former Member
‎10-09-2012 3:13 PM
0 Kudos

Hello,

It turns out that the example nodes in $ESP_HOME/cluster/examples were intended to be invoked from that directory.  They do not have complete paths to the various XML files like "csi_local.xml".  So if you start the cluster from outside that directory, the cluster does not find the XML files with the username and password and you get an authentication failure.

If you "cd $ESP_HOME/cluster/examples" and then "$ESP_HOME/bin/esp_server --cluster-node=node1.xml" it will find all of the XML files and authentication will work.

I think perhaps it should have raised an error or warning about not finding the XML files so I will look into logging a bug for that.

Thanks,

  Neal

Former Member
‎10-09-2012 3:16 PM
0 Kudos

Thanks a lot - problem solved

Former Member
‎06-18-2014 4:13 PM
0 Kudos

Hi,

I am getting similar problem.

I can start a cluster successfully:



$ESP_HOME/bin/esp_server --cluster-node node1.xml

But when I start a node I am getting following error:



cd /opt/sybase/ESP-5_1/cluster/nodes/node1


BASE_DIRECTORY=/opt/sybase/ESP-5_1/cluster/projects/test-name-1


cd $BASE_DIRECTORY


$ESP_HOME/bin/esp_cluster_admin --uri=esp://localhost:19011 --username=sybase  --password=password --add_workspace --workspace-name=dev




ERROR:


[error] security : Authentication failure:Invalid login credentials

My node1.xml is located in the /opt/sybase/ESP-5_1/cluster/nodes/node1

Former Member
‎06-18-2014 4:34 PM
0 Kudos

Hello,

I assume from yesterday that you used this command to encrypt the password in the csi_local.xml file?

esp_cluster_admin --encrypt_text --encode_text

Please enter text to be encoded:

Please re-enter text to be encoded:

{SHA-256:dOnfXHDzffg=}pTC2SP5MGLbxTFcB9bbpfm2PMNdVS878iT6n2JNT6aI=

But I wonder if you changed password in the csi_local.xml file after starting the cluster manager node?

For the "com.sybase.security.core.PreConfiguredUserLoginModule" type of authentication, the user and password are stored statically when the cluster manager is started.  So if you make changes to the "csi_local.xml" file, you will need to restart the cluster manager node for the changes to take affect.

Thanks,

  Neal

Former Member
‎06-18-2014 4:54 PM
0 Kudos

Opsss. I think my bad... There was something wrong with my previous installation.

I have removed previous isntallation completelly, cleaned up disk and installed again from the scratch. After all your advices ESP finally is working. I can connect to the node through Sybase Studio.

So I don't know what was wrong...

I assume from yesterday that you used this command to encrypt the password in the csi_local.xml file?

Yes, I used that.

Thanks again Neal for your help.

Answers (0)

Ask a Question