Re: RGW authentication fail with AWS S3 v4

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

It looks like, as it's now coded, the 15 minute time limit is hard coded. It checks that X-Amz-Expires is not exceeded, and then unconditionally checks that the request time is within 15 minutes of now. 

Daniel

On 02/03/2017 04:06 AM, Khang Nguyễn Nhật wrote:

    Dear Wido,

I have used X-Amz-Expires=86400 in url but it doesn't work

2017-02-03 16:00 GMT+07:00 Wido den Hollander <wido@xxxxxxxx
<mailto:wido@xxxxxxxx>>:


    > Op 3 februari 2017 om 9:52 schreef Khang Nguyễn Nhật
    <nguyennhatkhang2704@xxxxxxxxx <mailto:nguyennhatkhang2704@xxxxxxxxx>>:
    >
    >
    > Hi all,
    > I'm using Ceph Object Gateway with S3 API (ceph-radosgw-10.2.5-0.el7.x86_64
    > on CentOS Linux release 7.3.1611) and  I use generate_presigned_url method
    > of boto3 to create rgw url. This url working fine in period of 15 minutes,
    > after 15 minutes I recived *RequestTimeTooSkewed* error. My
    radosgw use
    > Asia/Ho_Chi_Minh timezone and running ntp service. Here is url and rgw log:
    >

    That is normal. The time is part of the signature. You have to
    generate a new signature after 15 minutes.

    Normal behavior.

    Wido

    > - URL:
    > http://rgw.xxx.vn/bucket/key.mp4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=86400&X-Amz-Credential=7AHTO4E1JBZ1VG1U96F1%2F20170203%2F%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20170203T081233Z&X-Amz-Signature=682be59232443fee58bc4744f656c533da8ddd828e36b739b332736fa22bef51
    <http://rgw.xxx.vn/bucket/key.mp4?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Expires=86400&X-Amz-Credential=7AHTO4E1JBZ1VG1U96F1%2F20170203%2F%2Fs3%2Faws4_request&X-Amz-SignedHeaders=host&X-Amz-Date=20170203T081233Z&X-Amz-Signature=682be59232443fee58bc4744f656c533da8ddd828e36b739b332736fa22bef51>
    >
    > - RGW LOG:
    > // //
    > NOTICE: request time skew too big.
    > now_req = 1486109553 now = 1486110512; now -
    > RGW_AUTH_GRACE_MINS=1486109612; now + RGW_AUTH_GRACE_MINS=1486111412
    > failed to authorize request
    > handler->ERRORHANDLER: err_no=-2012 new_err_no=-2012
    > // //
    >
    > Someone can help me reslove this problem ? Thank
    > _______________________________________________
    > ceph-users mailing list
    > ceph-users@xxxxxxxxxxxxxx <mailto:ceph-users@xxxxxxxxxxxxxx>
    > http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
    <http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com>




_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com



_______________________________________________
ceph-users mailing list
ceph-users@xxxxxxxxxxxxxx
http://lists.ceph.com/listinfo.cgi/ceph-users-ceph.com
[Index of Archives]     [Information on CEPH]     [Linux Filesystem Development]     [Ceph Development]     [Ceph Large]     [Linux USB Development]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [xfs]

  Powered by Linux