[pubcookie-users] Pubcookie 3 security_context:
can't accesskryptkey file ...(try setting crypt_key)
J. Alex Lang
jalang at andrew.cmu.edu
Thu Jul 31 14:43:02 PDT 2008
Before you get that far, be sure to enable the .pubcookie3 extension in
Web Service Extensions, as per
http://pubcookie.org/docs/install-filter.html#iis6
-Alex
David T Grayston wrote:
> Jane,
>
> So you are getting redirected to the pubcookie logon (that's working) but
> upon returning to your site then you get the error.
>
> Is there another ISAPI filter attempting to do something during the page
> display?
> How does https:// access to your site behave with pubcookie authtype sent to
> None?
>
> I'd suggest getting more debug info by Pubcookie Server Values ->
> Debug_Trace -> 1 or 2 - this will generate 20-40 pubcookie EventLog entries
> per access. Should help narrow down when the error happens.
>
> I recall in the past a site that threw similar error when loading its
> style.css file from a subfolder. The debug info help narrow that down.
>
>
> ------------------------------------------------------------------
> David T. Grayston Systems & Network Administrator
> University of Washington
> School of Public Health and Community Medicine
> Office of the Dean
>
>
>
>> -----Original Message-----
>> From: pubcookie-users-bounces at mailman1.u.washington.edu
>> [mailto:pubcookie-users-bounces at mailman1.u.washington.edu] On
>> Behalf Of Jane Bolz
>> Sent: Thursday, July 31, 2008 2:05 PM
>> To: David T Grayston
>> Cc: pubcookie-users at u.washington.edu
>> Subject: Re: [pubcookie-users] Pubcookie 3 security_context:
>> can't accesskryptkey file ...(try setting crypt_key)
>>
>> David/Alex:
>> I will double-check the timeserver issue, the
>> ...\keys\localhost was a generic message, I think. We do
>> have a UW Cert, registered w/ uw pubcookie server, and the
>> install did not hang at all.
>>
>> Just in case - I just did the time settings on all domain
>> controllers, & the IIS server, uninstalled pubcookie, removed
>> registry settings.
>>
>> Reinstalled pubcookie
>>
>> re-added the isapi filter
>>
>> turned on uwnetID (auth)
>>
>> called the webapp, via IE7, DID go thru uwnetid logon, then
>> it hangs on
>> https://pse_c2.pubserv.washington.edu/relay.pubcookie3?appsrvi
> d=pse_c2.pubserv.washington.edu
>>
>> application pools are running as Network Service
>>
>> Any further help?
>>
>> Thanks!
>>
>> -Jane
>>
>> phone: 206 543-7868
>>
>> David T Grayston wrote:
>>> Jane,
>>>
>>> The error may indicate a time discrepency on your server and the
>>> weblogin.washington.edu servers. Check for acurate time on
>> your server.
>>> Similar error can happen if your client computer as obtained a
>>> pubcookie cookie from the server and you then re-start IIS.
>> Close and
>>> restart the client to get a new pubcookie cookie.
>>>
>>> As for the SSL cert = DNS, Alex is correct but since your
>> server's DNS
>>> must be registered with the pubcookie login servers here at
>> the UW and
>>> if that wasn't true your installation should fail.
>>>
>>> David
>>>
>>> ------------------------------------------------------------------
>>> David T. Grayston Systems & Network Administrator
>>> University of Washington
>>> School of Public Health and Community Medicine Office of the Dean
>>> 206.685.0977 (voice) | 206.914.3772 (Cell) | 206.543.3813 (FAX)
>>>
>>>
>>>
>>>
>>>> -----Original Message-----
>>>> From: pubcookie-users-bounces at mailman1.u.washington.edu
>>>> [mailto:pubcookie-users-bounces at mailman1.u.washington.edu]
>> On Behalf
>>>> Of J. Alex Lang
>>>> Sent: Thursday, July 31, 2008 12:17 PM
>>>> To: Jane Bolz
>>>> Cc: pubcookie-users at u.washington.edu
>>>> Subject: Re: [pubcookie-users] Pubcookie 3 security_context:
>>>> can't accesskrypt key file ...(try setting crypt_key)
>>>>
>>>> Given that the keyfile it's looking for is called "localhost"
>>>> I'd say that your problem is actually there; unless the
>> keyfile really
>>>> is called that.
>>>>
>>>> I was under the impression that the keyfile needs to match the
>>>> hostname that the SSL certificate has (the DN of the cert's X.509
>>>> info).
>>>>
>>>> -Alex
>>>>
>>>> Jane Bolz wrote:
>>>>
>>>>> Hi!
>>>>> I've had an app running fine on a new MS2003 server w/ sp2.
>>>> Recently
>>>>
>>>>> installed pubcookie to do the authentication, but can't
>>>> seem to get it
>>>>
>>>>> to work.
>>>>>
>>>>> The msi install went fine, no hangups. Created the
>> pubcookie key.
>>>>> The server key as well was put into the keys folder by the install.
>>>>>
>>>> --
>>>> J. Alex Lang
>>>> Director of Information Technology for Campus Services
>> Carnegie Mellon
>>>> University
>>>> 6555 Penn Avenue, Room 152
>>>> Pittsburgh, PA 15206
>>>>
>>>> _______________________________________________
>>>> pubcookie-users mailing list
>>>> pubcookie-users at u.washington.edu
>>>> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-users
>>>>
>>>
>>> _______________________________________________
>>> pubcookie-users mailing list
>>> pubcookie-users at u.washington.edu
>>> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-users
>> _______________________________________________
>> pubcookie-users mailing list
>> pubcookie-users at u.washington.edu
>> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-users
>>
>
> _______________________________________________
> pubcookie-users mailing list
> pubcookie-users at u.washington.edu
> http://mailman1.u.washington.edu/mailman/listinfo/pubcookie-users
>
--
J. Alex Lang
Director of Information Technology for Campus Services
Carnegie Mellon University
6555 Penn Avenue, Room 152
Pittsburgh, PA 15206
More information about the pubcookie-users
mailing list