I have a new Eucalyptus installation and new Eucaconsole installation. I have created users with login profiles and passwords assigned and verified them as not expired and enabled.
No matter what account/user/pass I log into the console with (even invalid accounts) I am delivered to a password reset page. The password reset appears to work but when I then click on any other part of the console or the generate keys button I am logged out and the whole problem starts again. The freshly changed password is asked to be changed again. I'm seeing errors nowhere in my logs. I see this in the eucaconsole_nginx_access.log
each time this occurs.
10.0.0.7 - - [09/Nov/2018:13:14:58 -0500] "POST /login?
login_type=Eucalyptus HTTP/1.1" 302 256 "https://cloud/" "Mozilla/5.0
(Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0"
10.0.0.7 - - [09/Nov/2018:13:14:58 -0500] "GET /managecredentials?
came_from=&expired=true&account=console&username=admin HTTP/1.1" 200
4447 "https://cloud/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14;
rv:63.0) Gecko/20100101 Firefox/63.0"
10.0.0.7 - - [09/Nov/2018:13:14:59 -0500] "GET
/static/4.4.4/html/help/console_manage_credentials.html HTTP/1.1" 304 0
"https://cloud/managecredentials?
came_from=&expired=true&account=console&username=admin" "Mozilla/5.0
(Macintosh; Intel Mac OS X 10.14; rv:63.0) Gecko/20100101 Firefox/63.0"
Did I miss an important piece in my setup or is this some kind of bug. The fact that it happens even for invalid credentials and nonsense users that don't exist is an interesting detail but I haven't been able to make sense of it in a useful way.
FINAL: I abandoned this and rebuilt after the 4.4.5 release and all is working.
For
admin
users in an account, setting a password (e.g.euare-usermodloginprofile
oreuare-useraddloginprofile
) should be sufficient to allow console access.When you add non-
admin
users to an account they will not have permission to perform any actions until you grant access via iam policy. Using the console you can access the details for a user and useADD ACCESS POLICY
underGENERAL
/PERMISSIONS
. You can pick a predefined policy such asUser access
orMonitor access
to get started.http://docs.eucalyptus.cloud/eucalyptus/4.4.4/index.html#shared/console_user_detail_general.html