Skip to Content.
Sympa Menu

shibboleth-dev - UW shib origin installation

Subject: Shibboleth Developers

List archive

UW shib origin installation


Chronological Thread 
  • From: "RL 'Bob' Morgan" <>
  • To: Shibboleth Design Team <>
  • Subject: UW shib origin installation
  • Date: Fri, 26 Apr 2002 18:04:16 -0700 (PDT)


(was "alpha mumble")

OK, here's a little more. My MySQL is set up to allow access to
"shib@localhost",
so for example from the command line I can do:

abajo{rlmorgan} mysql -u shib -p -e "select * from HandleService" shib
Enter password:
+--------+----------+----------+-------------+------------+
| handle | username | authType | authInstant | expInstant |
+--------+----------+----------+-------------+------------+
| abc | bob | foo | NULL | NULL |
| def | bob | foo | NULL | NULL |
+--------+----------+----------+-------------+------------+

(having entered some bogus rows into HandleService to show I could).

I managed to turn query logging on in MySQL (which was really mysterious
to do, grumble). When I do the above query it shows up in the log:

Time Id Command Argument
020426 17:45:24 1 Connect
shib@localhost
on shib
1 Query select * from HandleService
1 Quit

When I type in the above command on the command line but with an
intentionally wrong password the query log shows:

020426 17:45:46 2 Connect Access denied for user:

'shib@localhost'
(Using password: YES)

So, when I then run shib/tomcat and try the page access, tomcat spits the
error at me:

HandleException: Server configuration denies access to data source

as before, *but the log shows nothing*.

When I change my shib (er, shibb) xml.web to use:

<param-name>DBdomain</param-name>
<param-value>abajo.cac.washington.edu</param-value>

that is, the full hostname instead of "localhost", and run everything
again, tomcat gives me the error:

HandleException: Invalid authorization specification: Access denied for
user:
''
(Using password: YES)

and the mysqld query log now shows an entry:

020426 17:50:45 4 Connect Access denied for user:

''
(Using password: YES)

So I conclude that there's something broken with trying to use a DBDomain
of "localhost" with the JDBC driver. Is anyone actually running that way?

If I can figure out how to do it I'll see if I can get MySQL to accept
commands from
;
and in the meantime await
further insights.

- RL "Bob"


------------------------------------------------------mace-shib-design-+
For list utilities, archives, subscribe, unsubscribe, etc. please visit the
ListProc web interface at

http://archives.internet2.edu/

------------------------------------------------------mace-shib-design--




Archive powered by MHonArc 2.6.16.

Top of Page