After running fedora update, I am unable to log-in into the cocpit-ws and I am not sure
what went wrong.
I am able to ssh to the box using ipa credentials without issue. But cocpit gives me
"wrong username or password"
Errors I'm getting in journal 'couldn't read from connection: Peer sent fatal
TLS alert: Unknown certificate'
I'm running FreeIpa server and cocpit-ws on same machine
Maybe someone had similar issue or some ideas where to start debugging it ?
Log snippet when I am trying to log in:
myserver.domain.com audit[1]: SERVICE_START pid=1 uid=0 auid=4294967295 ses=4294967295
msg='unit=cockpit comm="systemd" exe="/usr/lib/systemd/systemd"
hostname=? addr=? terminal=? res=success'
myserver.domain.com cockpit-ws[13295]: Using certificate:
/etc/cockpit/ws-certs.d/0-self-signed.cert
myserver.domain.com cockpit-ws[13295]: couldn't read from connection: Peer sent fatal
TLS alert: Unknown certificate
myserver.domain.com cockpit-session[13298]: pam_sss(cockpit:auth): authentication success;
logname= uid=0 euid=0 tty= ruser= rhost=10.0.5.44 user=myuser
myserver.domain.com audit[13298]: USER_AUTH pid=13298 uid=0 auid=4294967295 ses=4294967295
msg='op=PAM:authentication grantors=pam_succeed_if,pam_succeed_if,pam_sss
acct="myuser" exe="/usr/libexec/cockpit-session" hostname=10.0.5.44
addr=10.0.5.44 terminal=? res=success'
myserver.domain.com audit[13298]: USER_ACCT pid=13298 uid=0 auid=4294967295 ses=4294967295
msg='op=PAM:accounting grantors=pam_unix,pam_sss,pam_permit acct="myuser"
exe="/usr/libexec/cockpit-session" hostname=10.0.5.44 addr=10.0.5.44 terminal=?
res=success'
myserver.domain.com audit[13298]: CRED_ACQ pid=13298 uid=0 auid=4294967295 ses=4294967295
msg='op=PAM:setcred grantors=pam_localuser,pam_sss acct="myuser"
exe="/usr/libexec/cockpit-session" hostname=10.0.5.44 addr=10.0.5.44 terminal=?
res=success'
myserver.domain.com cockpit-session[13298]: pam_ssh_add: Identity added:
/home/myuser/.ssh/id_rsa (myuser(a)myserver.domain.com)
myserver.domain.com systemd-logind[1067]: New session 39 of user myuser.
-- Subject: A new session 39 has been created for user myuser
-- Defined-By: systemd
-- Support:
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation:
https://www.freedesktop.org/wiki/Software/systemd/multiseat
--
-- A new session with the ID 39 has been created for the user myuser.
--
-- The leading process of the session is 13298.
myserver.domain.com systemd[1]: Started Session 39 of user myuser.
-- Subject: Unit session-39.scope has finished start-up
-- Defined-By: systemd
-- Support:
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit session-39.scope has finished starting up.
--
-- The start-up result is done.
myserver.domain.com cockpit-session[13298]: pam_unix(cockpit:session): session opened for
user myuser by (uid=0)
myserver.domain.com audit[13298]: USER_START pid=13298 uid=0 auid=1907400001 ses=39
msg='op=PAM:session_open
grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_ssh_add,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_umask,pam_lastlog
acct="myuser" exe="/usr/libexec/cockpit-sessi>
myserver.domain.com audit[13298]: CRED_REFR pid=13298 uid=0 auid=1907400001 ses=39
msg='op=PAM:setcred grantors=pam_localuser,pam_sss acct="myuser"
exe="/usr/libexec/cockpit-session" hostname=10.0.5.44 addr=10.0.5.44 terminal=?
res=success'
myserver.domain.com cockpit-ws[13295]: 3: Permission denied.
myserver.domain.com audit[13298]: CRED_DISP pid=13298 uid=0 auid=1907400001 ses=39
msg='op=PAM:setcred grantors=pam_localuser,pam_sss acct="myuser"
exe="/usr/libexec/cockpit-session" hostname=10.0.5.44 addr=10.0.5.44 terminal=?
res=success'
myserver.domain.com cockpit-session[13298]: pam_unix(cockpit:session): session closed for
user myuser
myserver.domain.com audit[13298]: USER_END pid=13298 uid=0 auid=1907400001 ses=39
msg='op=PAM:session_close
grantors=pam_selinux,pam_loginuid,pam_selinux,pam_keyinit,pam_ssh_add,pam_keyinit,pam_limits,pam_systemd,pam_unix,pam_sss,pam_umask,pam_lastlog
acct="myuser" exe="/usr/libexec/cockpit-sessio>
myserver.domain.com systemd-logind[1067]: Session 39 logged out. Waiting for processes to
exit.
myserver.domain.com systemd-logind[1067]: Removed session 39.
-- Subject: Session 39 has been terminated
-- Defined-By: systemd
-- Support:
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
-- Documentation:
https://www.freedesktop.org/wiki/Software/systemd/multiseat
--
-- A session with the ID 39 has been terminated.