Mosquitto broker not validating username and password sent by the publisher - client

I have set " allow_anonymous " to false in the configuration file and have created a new password file using the mosquitto_passwd utility, but still the client is able to connect through any username and password.
what should i do ?

password_file MUST not be empty. Or password is not required. Maybe can help you

Related

NiFi - Not Seeing user/password in nifi-app.log

In Windows, I've downloaded, installed, and started NiFi 1.16.3.
However when it asks me for a User and Password, I don't see these in nifi-app.log.
Is there a default User/Password?
Thanks
John
if you are on linux just run this command to set custom user/password for single user nifi:
cd <nifi_root_folder>
./bin/nifi.sh set-single-user-credentials <username> <password>
for windows there is a workaround to set custom credentials:
cd <nifi_root_folder>
java -cp conf;lib\bootstrap\* -Dnifi.properties.file.path=conf/nifi.properties ^
org.apache.nifi.authentication.single.user.command.SetSingleUserCredentials ^
<username> <password>
if you start a plain new nifi instance you will find the username and password in logs/nifi-app.log.
somewhere should be printed a line like this:
Generated Username [ae7b6dd8-bc89-44b0-a025-abe1230e6327]
Generated Password [DPwOASAEiXKHKAtR6CuzfNrRIVH+iU4o]

Apache NIFI login issue after installation

I am new to Apache NIFI. I have installed Apache NIFI on my local windows machine. Now, It is asking user's name and password to login. Do you know where I can find or set the password? I did not set any user name and password during installation. I much appreciate the response as soon as possible. Please have a look at the image attachment-> Nifi login requires a user name and password
First you go to the "conf/login-identity-providers.xml" file
There if u see something like below
<provider>
<identifier>single-user-provider</identifier>
<class>org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider</class>
<property name="Username">3489c555-49b4-4e7d-9e6f-ca7f71abea81</property>
<property name="Password">25BiJ9913n8q68bPGRxrm0qY6C4Z/GbT</property>
</provider>
Then make username & password property empty like below
<provider>
<identifier>single-user-provider</identifier>
<class>org.apache.nifi.authentication.single.user.SingleUserLoginIdentityProvider</class>
<property name="Username"></property>
<property name="Password"></property>
</provider>
Then save the login-identity-providers.xml file and restart the NIFI
After it starts open logs/nifi-app.log file
Then you can able to see generated usename and password like below.
Generated Username [3489c734-49b4-4e7d-9e6f-ca7f79abea81]
Generated Password [25BiJ9911n8k68btGRxqm0qY6C4Z/GbT]
Use this for login. Thank u.
As the official GitHub gives
https://github.com/apache/nifi#authenticating
you can find username and password in .\logs\nifi-app.log use search "password"
and you will see this
I try change password in windows but failed, but it can be done in Linux.
./bin/nifi.sh set-single-user-credentials <username> <password>
You can change the default password using the following (assuming path to nifi is D:\nifi-1.15.0)
java -cp d:\nifi-1.15.0\lib\bootstrap\* -Dnifi.properties.file.path=D:\nifi-1.15.0\conf\nifi.properties org.apache.nifi.authentication.single.user.command.SetSingleUserCredentials username password
Go To *nifi-1.15.2\logs*
open nifi-app.log and search for USERNAME, Copy it and paste it there
Username and Password
It will have some auto-generated credentials to use by default. You'll see them in the nifi-app.log
Generated Username [USERNAME]
Generated Password [PASSWORD]
This is my docker-compose file:
version: "3"
services:
nifi:
image: apache/nifi
container_name: nifi
volumes:
- /home/my_user/nifi/conf:/opt/nifi/conf
ports:
- 8443:8443
environment:
- NIFI_WEB_HTTPS_PORT:8443
- NIFI_WBE_HTTP_HOST=my_ip
- NIFI_WEB_PROXY_HOST=my_ip:8443
- SINGLE_USER_CREDENTIALS_USERNAME:admin
- SINGLE_USER_CREDENTIALS_PASSWORD:ransom_pwd
restart: always
but the login was not working. So I had to SSH into docker container
then cd into /opt/nifi/bin and then run ./nifi.ssh set-single-user-credentials username password

Can't connect to MariaDB using JDBC, mysql utils succeed

I use JDBC and Spring Boot 2.2.2 to connect to a MariaDB instance. The login fails with this message:
Caused by: java.sql.SQLInvalidAuthorizationSpecException: Could not
connect to
address=(host=server.company.domain)(port=3306)(type=master) : Access
denied for user 'user'#'server.company.domain' (using password:
YES)
When I run mysqldump -u"user" -p"password" -h server.company.domain dbname this works just fine !
Both the dump and the Spring Boot application are run from the same machine (the database server itself)
user and password used are identical
there are no special characters in the password or the user (only lower/uppcase characters and digits)
the jdbc connection string looks like this: jdbc:mariadb://server.company.domain:3306/dbname
I already tried to use localhost instead of the server name
when I change jdbc url, user and password the same application is able log in to my development mariaDB
It seems like you are having trouble with MariaDB, not spring-boot itself.
I suggest you to follow this links: https://mariadb.com/kb/en/configuring-mariadb-for-remote-client-access/, and come back if it didn't solve your problem, with what you tried, and what didn't work.
I ran a short SHOW GRANTS; via the mysql command which is able to connect to the database. The output gave me this:
GRANT ALL PRIVILEGES ON *.* TO 'user'#'%' IDENTIFIED BY PASSWORD 'nonono' REQUIRE SSL WITH GRANT OPTION
The relevant part is REQUIRE SSL: connections to that server need to be done encrypted.
When I checked the files in /etc/my.cnf.d/ I found a file containing (amongst others) these lines:
[server]
ssl=1
ssl-cert=/path/to/certificate/cert.pem
By googling a bit I found this link which describes how to set the JDBC driver to use ssl. It also explains to you why you perhaps should think twice before setting trustServerCertificate to true.
My spring.datasource.url now looks like this:
jdbc:mariadb://server.company.domain:3306/dbname?useSSL=true&trustServerCertificate=true&serverSslCert=/path/to/certificate/cert.pem
To put it short: Access denied for user doesn't tell the complete story. It makes you think that your password might be wrong but you are denied for other reasons.

How to properly configure Kerberos principal name

this is my krb5.ini file.
[libdefaults]
default_realm = TEST.EXAMPLE.COM
.....
[realms]
TEST.EXAMPLE.COM = {
kdc = test.example.com:88
master_kdc = test.example.com:88
default_domain = example.com
}
[domain_realm]
.example.com = EXAMPLE.COM
example.com = EXAMPLE.COM
I created a user USERA on the domain, created a credential using kinit and have my jaas.config file defined as
example_config {
com.ibm.security.auth.module.Krb5LoginModule required
useDefaultCcache=false
principal="userA#TEST.EXAMPLE.COM"
useCcache="file:///c:/Users/userA/krb5cc_userA"
debug=true;
};
everything seems ok as it gets authenticated.
[JGSS_DBG_CRED] Retrieving Kerberos creds from cache for principal=userA#TEST.EXAMPLE.COM
[JGSS_DBG_CRED] Non-interactive login; no callbacks necessary.
[JGSS_DBG_CRED] Done retrieving Kerberos creds from cache
[JGSS_DBG_CRED] Login successful
[JGSS_DBG_CRED] userA#TEST.EXAMPLE.COM added to Subject
[JGSS_DBG_CRED] Kerberos ticket for userA#TEST.EXAMPLE.COM added to Subject
[JGSS_DBG_CRED] No keys to add to Subject for userA#TEST.EXAMPLE.COM
however now, I am trying to use a service principal name , instead of user principal. I used ktpass to create a keytab file
ktpass -out "c:\mytab.keytab" -princ "Installation1/test.example.com#TEST.EXAMPLE.COM" -mapUser "TEST\userA" -mapOp set -pass password -crypto DES-CBC-MD5 -pType KRB5_NT_PRINCIPAL +DesOnly
and then use setspn to check
C:\>setspn -l userA
Registered ServicePrincipalNames for CN=userA,CN=Users,DC=test,DC=example,DC=com:
Installation1/test.example.com
i change my config to
example_config{
com.ibm.security.auth.module.Krb5LoginModule required
credsType = both
principal="userA/test.example.com"
useDefaultCcache = true
useDefaultKeytab = false
useKeytab = "file:///c:/mytab.keytab"
debug=true;
};
now when i run my app, it gives
[JGSS_DBG_CRED] Retrieving Kerberos creds from keytab for principal=Installation1/test.example.com
[JGSS_DBG_CRED] Service name=Installation1/test.example.com#TEST.EXAMPLE.COM
[JGSS_DBG_CRED] Check for Default keytab :
[JGSS_DBG_CRED] No Kerberos creds in keytab for principal Installation1/test.example.com
[JGSS_DBG_CRED] No service key in keytab; login failed
What did i do wrong in the config file? or is there something i miss in the ktpass command? Installation1 is the service name (of Websphere MQ) when I go to check Control Panel -> Services. I want to autheticate userA to use Websphere MQ service. (like if i want to let user use HTTP I would put principal as HTTP/.....TEST.EXAMPLE.COM
thanks
There is nothing in MQ that performs authentication. MQ only performs authorization (permission lookup) via its OAM module.
For a default install of MQ (on any platform including z/OS), there is no effective security in MQ. You can configure MQ to use MQ SSL between a client application and the queue manager (or between 2 queue managers).
The other choice is to purchase a 3rd party MQ security solution like MQAUSX which handles authentication to various targets.

How to reset/change expired password for DB2 Content Manager 8.4.1

I had installed IBM DB2 Content Manager 8.4.1 months ago and now I wanted to access it to continue some more work.
But when I try to log in using System Administration Client, it tells me the password is expired. The error is:
DGL0394A: Error in ::DriverManager.getConnection;[jcc][t4][2012][11248][3.50.152]
Connection authorization failure occurred. Reason: Password expired.
ERRORCODE=-4214,SQLSTATE=28000 (STATE) : ;
[SERVER = icmnsldb, USERID = icmadmin, SQL RC = -4214, SQL STATE = 28000]
I've tried looking thru the config files, using the java update command line.. and I can't find a way to change or reset the password. I can't use System Administration Client to change the passwords, since it won't log me in to begin with. Any other method I can use to reset/change the password for a DB2 CM user?
DB2 uses the operating system to authenticate users, so you need to use the OS tools to reset the icmadmin user's password. Your post is tagged as Windows, so look for the icmadmin user in either the local machine or in the domain if your server belongs to a domain.
Just use the Client for Windows on a desktop machine and not the eClient to login. It will directly notify about a expired password and you can set the new password immediately.
I faced the same issue. I logged in as root and chaged the password for db2 user by passwd . and changed in the WAS console. It worked.
In Windows, click on start > Control Panel > User Accounts > User Accounts > Manage User Accounts.
Here, select the DB2 username and click on Reset Password.
If you are on Docker, you need to perform a docker exec into the DB2 container (Linux) and then change the password for the local user that you are trying to log in to DB2 with. In my case, the name of the user was "myuser". I changed the password by executing
passwd myuser
Note that you are root by default when you exec into the container. Else use
docker exec -u root <containerName> /bin/sh

Resources