open-policy-agent / contrib

Integrations, examples, and proof-of-concepts that are not part of OPA proper.

Home Page: http://www.openpolicyagent.org/


opa-pam: HTTP request failed with error: Couldn't connect to server

danvela opened this issue


Hi, I'm having an issue with my build of the pam_opa module. It seems it can't reach the opa-server. I've checked many times to ensure that the pam.d sshd file is calling the correct URL, and I can even hit the server via curl manually. Please see the logs below and the version I used to build the pam_opa module.

PAM File

auth required /lib/security/pam_opa.so url=http://:8181 authz_endpoint=/v1/data/sshd/authz display_endpoint=/v1/data/display pull_endpoint=/v1/data/pull log_level=debug
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so close
session required pam_loginuid.so
session required pam_env.so # [1]
session required pam_env.so user_readenv=1 envfile=/etc/default/locale
session [success=ok ignore=ignore module_unknown=ignore default=bad] pam_selinux.so open
session required pam_namespace.so
session optional pam_keyinit.so force revoke
session include password-auth
session include postlogin
-session optional pam_reauthorize.so prepare

Logs

Jan 20 14:17:19 OPA-PAM[36249]: Defaulted to log level info
Jan 20 14:17:19 OPA-PAM[36249]: Parsing arg: url=http://:8181
Jan 20 14:17:19 OPA-PAM[36249]: Parsing arg: authz_endpoint=/v1/data/sshd/authz
Jan 20 14:17:19 OPA-PAM[36249]: Parsing arg: display_endpoint=/v1/data/display
Jan 20 14:17:19 OPA-PAM[36249]: Parsing arg: pull_endpoint=/v1/data/pull
Jan 20 14:17:19 OPA-PAM[36249]: Parsing arg: log_level=debug
Jan 20 14:17:19 OPA-PAM[36249]: Session log level is set to debug
Jan 20 14:17:19 OPA-PAM[36249]: Commencing display cycle.
Jan 20 14:17:19 OPA-PAM[36249]: Initializing HTTP request GET /v1/data/display
Jan 20 14:17:19 OPA-PAM[36249]: HTTP request body: (null)
Jan 20 14:17:19 OPA-PAM[36249]: HTTP request failed with error: Couldn't connect to server
Jan 20 14:17:19 OPA-PAM[36249]: Commencing pull cycle.
Jan 20 14:17:19 OPA-PAM[36249]: Initializing HTTP request GET /v1/data/pull
Jan 20 14:17:19 OPA-PAM[36249]: HTTP request body: (null)
Jan 20 14:17:19 OPA-PAM[36249]: HTTP request failed with error: Couldn't connect to server
Jan 20 14:17:19 OPA-PAM[36249]: Collecting system information.
Jan 20 14:17:19 OPA-PAM[36249]: Loaded sysinfo pam_username: opadmin
Jan 20 14:17:19 OPA-PAM[36249]: Loaded sysinfo pam_service: sshd
Jan 20 14:17:19 OPA-PAM[36249]: Loaded sysinfo pam_req_username:
Jan 20 14:17:19 OPA-PAM[36249]: Loaded sysinfo pam_req_hostname:
Jan 20 14:17:19 OPA-PAM[36249]: Commencing authz cycle.
Jan 20 14:17:19 OPA-PAM[36249]: Initializing HTTP request POST /v1/data/sshd/authz
Jan 20 14:17:19 OPA-PAM[36249]: HTTP request body: {"input":{"display_responses":{},"pull_responses":{"files":{},"env_vars":{}},"sysinfo":{"pam_username":"opadmin","pam_service":"sshd","pam_req_username":"","pam_req_hostname":""}}}
Jan 20 14:17:19 OPA-PAM[36249]: HTTP request failed with error: Couldn't connect to server
Jan 20 14:17:19 OPA-PAM[36249]: Freeing allocated data.

Version used to compile
https://github.com/linux-pam/linux-pam/releases/download/v1.3.1/Linux-PAM-1.3.1.tar.xz
http://www.digip.org/jansson/releases/jansson-2.12.tar.gz
https://curl.haxx.se/download/curl-7.68.0.tar.gz
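
A check for the pam_opa line quoted in the issue above, as an added example that is not part of the original issue or of the OPA contrib code. The function names are hypothetical, the sample line is copied from the post with its host left empty as posted, and the code assumes the module builds each request by appending the endpoint argument to `url`.

```python
from urllib.parse import urlsplit

# Constructed sample: the auth line as posted in the issue (host empty as posted).
SAMPLE_LINE = (
    "auth required /lib/security/pam_opa.so url=http://:8181 "
    "authz_endpoint=/v1/data/sshd/authz display_endpoint=/v1/data/display "
    "pull_endpoint=/v1/data/pull log_level=debug"
)
ENDPOINT_ARGS = ("display_endpoint", "pull_endpoint", "authz_endpoint")
LOOPBACK = {"localhost", "127.0.0.1", "::1"}


def parse_pam_opa_line(line):
    """Return the key=value arguments that follow pam_opa.so on a pam.d line."""
    fields = line.split("#", 1)[0].split()
    idx = next((i for i, f in enumerate(fields) if f.endswith("pam_opa.so")), None)
    if idx is None:
        raise ValueError("no pam_opa.so module on this line")
    return dict(f.split("=", 1) for f in fields[idx + 1:] if "=" in f)


def check_pam_opa_args(args):
    """Return findings about the url and endpoint arguments."""
    findings = []
    url = args.get("url", "")
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        findings.append(f"url={url!r}: scheme is not http or https")
    if not parts.hostname:
        findings.append(f"url={url!r}: no host, so there is nothing to connect to")
    elif parts.scheme == "http" and parts.hostname not in LOOPBACK:
        findings.append(f"url={url!r}: plaintext http to a non-loopback host")
    for name in ENDPOINT_ARGS:
        # Assumption: the module appends the endpoint to url, so it must be a path.
        if name in args and not args[name].startswith("/"):
            findings.append(f"{name}={args[name]!r}: does not start with '/'")
    return findings


def request_targets(args):
    """URLs the three cycles seen in the log would request (assumed url + endpoint)."""
    base = args.get("url", "").rstrip("/")
    return [base + args[name] for name in ENDPOINT_ARGS if name in args]


if __name__ == "__main__":
    parsed = parse_pam_opa_line(SAMPLE_LINE)
    for finding in check_pam_opa_args(parsed):
        print("FINDING:", finding)
    for target in request_targets(parsed):
        print("would request:", target)
```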
