[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Handle-info] Local PUBKEY Authentication

As a minor aside, homing both 5678 and 0.NA/5678 should be redundant -- either should mean "this handle server will answer requests for handles with prefix 5678/".

Please send (separately to me is fine) the complete output of your hdl-list command.

Best,
Robert


On Thu, May 20, 2021 at 6:11 AM Christian Bay <christian.bay@posteo.net> wrote:
Hey :)

I'm running an Handle Server locally for testing purposes and am facing
a problem when trying to authenticate myself locally via a PUBKEY.

I set up everything to work locally without communicating to the GHR as
described in Chapter 10 of the Technical Manual.

In Chapter 10.2 it is explained how to authenticate with a secret key:
'Create the new admin handle using the DBTool, and associate a secret
key (password) with it [...]' (Chapter 10.2 Technical Manual)

Which works with the admin tool.

However, later on in production I want to use the PUBKEY authentication
strategy. For example for the REST-API
challenge response framework (Chapter 14.6.4). An example implementation
can be found

here https://github.com/theNBS/handleserver-samples/tree/master/python

But this doesn't work yet.

I created an Admin Handle under 5678/ADMIN with four values:


100     HS_ADMIN        2021-05-20 08:26:32Z    handle=5678/ADMIN; index=200; [create
hdl,delete hdl,create derived prefix,delete derived prefix,read
val,modify val,del val,add val,modify admin,del admin,add admin,list]
200     HS_VLIST        2021-05-20 08:26:32Z    300:5678/ADMIN
300     HS_PUBKEY       2021-05-20 08:26:32Z    <SOME PUBKEY>
301     HS_SECKEY       2021-05-20 08:26:32Z    password

Home prefixes where established as well (for 0.NA/5678 and 5678)

Neither with the admin tool, nor with the python script, nor the helper
scripts I am able to authenticate myself. I don't see any errors in the
logs nor the output of the admin tool. The REST API only returns a 401
Unauthorized.
However, when I run the helper script

'./bin/hdl-list 5678/ADMIN 300 config/privkey.bin 5678'

it states, that the prefix doesn't live here and the root info is missing.
I'm not sure what to make out of this information. The authentication
works with the secret key procedure and the prefix 5678 and 0.NA/5678
are home with the DBTool and Admintool.


Has someone a clue what I am missing or has been able to set this up
locally?

Best,
Christian



_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info
_______________________________________________
Handle-Info mailing list
Handle-Info@cnri.reston.va.us
http://www.handle.net/mailman/listinfo/handle-info