Problems authenticating with manual Docker + Kubernetes installations

Hello there,

I am trying to install Icinga Web 2. Sadly I keep getting
Incorrect username or password
When I try to login.

The correct user and password_hash seems have been added to the database, as well as as all the GRANTS. I’m using Postgres btw.

I am mounting the following config files to /etc/icingaweb2/:

apiVersion: v1
kind: ConfigMap
metadata:
  name: icinga2-web-config
data:
  resources.ini: | 
    [icingaweb_db]
    type = "db"
    db = "pgsql"
    host = "postgres-icinga2web"
    port = "5432"
    dbname = "icinga2web"
    username = "icinga2web"
    password = "private"
    charset = "utf8"

    [icinga_ido]
    type = "db"
    db = "pgsql"
    host = "postgres-icinga2"
    port = "5432"
    dbname = "icinga2"
    username = "icinga2"
    password = "private"
    charset = "utf8"

  config.ini: |
     [logging]
     log = "syslog"
     level = "DEBUG"
     application = "icingaweb2"

  authentication.ini: |
    [icingaweb2]
    backend = "db"     
    resource = "icingaweb_db"

  roles.ini: |
    [admins]
    users = "inga_admin"
    permissions = "*"

Here’s a picture of the schema, in case you’re wondering if I have the correct one:

What could be the problem?
Thank you for your time.

Hi,

despite the username in roles.ini (inga_admin), nothing.

How did you insert the account in the database? How was the password_hash being generated?

Hi there Meyer,

The password hash had being generated with the way described in the docs (native php hash):
php -r 'echo password_hash("password", PASSWORD_DEFAULT);'

I have tried two ways of inserting, by just manually inserting the queries and through a seeder/job.
The part of the seeder that is inserting the user:
command: ["/bin/sh"] args: ['-c', "psql -h $(PGHOST) -w -U $(PGUSER) -p $(PGPORT) $(PGDATABASE) < /tmp/schema/pgsql.schema.sql; psql -h $(PGHOST) -w -U $(PGUSER) -p $(PGPORT) $(PGDATABASE) -d $(PGDATABASE) -c \"INSERT INTO icingaweb_user (name, active, password_hash) VALUES ('inga_admin', 1, '\\$2y\\$10\\$bG.p6xHqvY1im*****************.**********************')\""]

That looks like the problem.

What is the problem with that statement? Can I not add a user with an underscore in the name?

I tried it with non-underscore names as well, didn’t make a difference.

Oh, that name is intended? I thought it was a typo with icinga, nevermind.

That was my thought as well, but due to the config shown in the OP. Now that the same name is used in the database it doesn’t matter of course. :laughing:

@HLA-systeem Which version of Postgres is this? The way Postgres stores bytea values has been changed since v9, which what is expected by Icinga Web 2.

Also, this smells like an encoding problem. Please check whether the hash you’re inserting is really the exact same that ends up in the database. (The hash should start with \x24 if correctly transferred)

1 Like

It has been solved. What worked for me was adding php7-openssl openssl, and using openssl_random_pseudo_bytes(12); as the salt to generate the hash.

The new hash doesn’t start with \x24 , but whatever I can login now.

Thank you all for your time.