Error after updating rods password #7723
Comments
Some parts of the server do not respond to those types of changes. For example, the delay server. Because of that, processes such as the delay server will continue to use old information until it is restarted. The recommendation is ... if you change the password of the iRODS user responsible for managing the server (i.e. the user under the service account), restart the iRODS server. That also applies to any clients using pooling and relying on rodsadmin-level accounts which have had their password changed (e.g. NFSRODS, HTTP API (if not running in 4.2 compatibility mode)). Another way to protect against this is to create a secondary rodsadmin account for carrying out administrative tasks only. This allows you to leave the iRODS account responsible for the running of the server as is. We'll add documentation explaining this.
I see, if I create a dedicated user for admin tasks, should I use this new user to replace rods in server_config.json, I mean, change the value of zone_user from
No. Creating the secondary rodsadmin simply allows you to do things to the server without affecting tasks managed by the primary rodsadmin. You still shouldn't change the password of the primary rodsadmin though.
If the goal is to change the password of the original rodsadmin, then a secondary rodsadmin account won't help. Once you change the password, you must restart the server. There's no way around that.
OK! Well, the only issue I am seeing is that when I change the password of the original rodsadmin and restart the server, I still get the CAT_INVALID_AUTHENTICATION error. Even if I create another admin user, I don't want to leave the rods user with the default well-known password... I suppose I should have changed it when I reinstalled irods on this machine, maybe that would be the actual final solution.
That would definitely 'fix' it. But changing the password should not result in
I see, I will double-check and try again.
In your irods_environment.json file, look for the property, What value is that set to?
The rodsadmin could be using LDAP or Active Directory to get authenticated... but if you're not sure about it - you're probably using 'native'. PAM for the service account is not something we have under testing, so I was just mentioning it as another dark corner that could be happening here...
I don't see that "irods_authentication_scheme" but can see
@DOC-MEX Any new leads on this? Did you fix it? Can you list the exact sequence of steps you took (with commands) to encounter this situation? Start from the working system.
@korydraughn sorry, I did not explore this further, I simply reinstalled it and set up a different password for rods from the very beginning.
No problem. Did the reinstall work as you expect?
yeah, that solved my issue.
I've confirmed there's an issue with changing the password of the rodsadmin user managing the server. The messages I see aren't exactly the same, but I see This was done using a 4.3.2 server. We will investigate.
Bug Report
I have updated the default password of the rods user. This change triggers this error: [CAT_INVALID_AUTHENTICATION: rcAuthCheck failed. . I have re-run iinit and also restarted the service but that does not correct the problem. I can see that the delayServer is not activated after that.
The moment I change the password back to the default "rods" value, everything is back to normal. The log error messages stop and the irodsDelayServer is initialized.
{"log_category":"delay_server","log_level":"info","log_message":"Initializing delay server ...","server_host":"opendata-20","server_pid":645988,"server_timestamp":"2024-04-26T12:22:16.704Z","server_type":"delay_server","server_zone":"earlhamZone"}
iRODS Version, OS and Version
4.3.1 Ubuntu 20
What did you try to do?
restart the service and running iinit
Expected behavior
Observed behavior (including steps to reproduce, if applicable)
These are the error logs when the password of rods is not the default "rods"
I wonder if having another user with admin privileges or that this machine is federated to another could be related to the problem, but it looks as if I have to update the password in another file/place.
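A way to check for the two symptoms reported in this issue after changing the service account password and restarting the server, added here as an example; it is not part of the issue thread or of iRODS. It assumes the server log is in the JSON-lines format shown in the report; the function names, the cut-off timestamps and every sample line except the delay server one are constructed.

```python
import json
from datetime import datetime

AUTH_ERROR = "CAT_INVALID_AUTHENTICATION"   # error name quoted in the report
DELAY_INIT = "Initializing delay server"    # message from the report's log line

# First line is the log entry from the report; the others are constructed samples.
SAMPLE_LOG = [
    '{"log_category":"delay_server","log_level":"info","log_message":"Initializing delay server ...","server_host":"opendata-20","server_pid":645988,"server_timestamp":"2024-04-26T12:22:16.704Z","server_type":"delay_server","server_zone":"earlhamZone"}',
    '{"log_level":"error","log_message":"CAT_INVALID_AUTHENTICATION: rcAuthCheck failed.","server_timestamp":"2024-04-26T12:31:02.118Z","server_type":"server"}',
    '{"log_level":"error","log_message":"CAT_INVALID_AUTHENTICATION: rcAuthCheck failed.","server_timestamp":"2024-04-26T12:31:32.402Z","server_type":"server"}',
    'not json: partially written line',
]

def parse_ts(value):
    # Timestamps in the log look like 2024-04-26T12:22:16.704Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%S.%fZ")

def check_after_password_change(log_lines, changed_at):
    """Summarise log entries written at or after the password change."""
    cutoff = parse_ts(changed_at)
    result = {"auth_failures": 0, "delay_server_initialized": False, "skipped": 0}
    for line in log_lines:
        try:
            entry = json.loads(line)
            ts = parse_ts(entry["server_timestamp"])
        except (ValueError, KeyError, TypeError):
            result["skipped"] += 1          # unparsable or incomplete line
            continue
        if ts < cutoff:
            continue                        # written before the change
        message = str(entry.get("log_message", ""))
        if AUTH_ERROR in message:
            result["auth_failures"] += 1
        if entry.get("server_type") == "delay_server" and DELAY_INIT in message:
            result["delay_server_initialized"] = True
    return result

def rotation_ok(result):
    # Healthy: no authentication errors and the delay server came back up.
    return result["auth_failures"] == 0 and result["delay_server_initialized"]

if __name__ == "__main__":
    summary = check_after_password_change(SAMPLE_LOG, "2024-04-26T12:25:00.000Z")
    print(summary, "OK" if rotation_ok(summary) else "PROBLEM")
```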