Git authentication failure

Hi,

I am attempting to use the Virtualmin Git module to set up a Git repository on one of my virtual severs. I was able to set up a repository successfully by way of the Virtualmin GUI and I was also able to add a new Website user that additionally had access to the repository.

However, even after doing this I am unable to log into the repository with the username and password combination I just set up, either through SourceTree or direct access via HTTP in my Web browser (Safari on Mac OS X). I just keep getting the login prompt, as if my username or password is incorrect, and the virtual server error log just indicates that authentication for the specific user has failed.

Here is the Apache virtual host configuration file for reference:

SuexecUserGroup "#1538" "#1296" ServerAdmin support@airshock.net ServerName code.galacticframework.org ServerAlias www.code.galacticframework.org ServerAlias webmail.code.galacticframework.org ServerAlias admin.code.galacticframework.org ServerAlias autoconfig.code.galacticframework.org ServerAlias autodiscover.code.galacticframework.org DocumentRoot /home/galactic/domains/code.galacticframework.org/site ErrorLog /var/log/virtualmin/vhosts/code.galacticframework.org CustomLog /var/log/virtualmin/access/code.galacticframework.org common Options +ExecCGI +SymLinksifOwnerMatch AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Order allow,deny Allow from all Require all granted AddType application/x-httpd-php .php AddHandler fcgid-script .php AddHandler fcgid-script .php5 AddHandler fcgid-script .php5.6 AddHandler fcgid-script .php7.0 FCGIWrapper /home/galactic/domains/code.galacticframework.org/fcgi-bin/php7.0.fcgi .php FCGIWrapper /home/galactic/domains/code.galacticframework.org/fcgi-bin/php5.fcgi .php5 FCGIWrapper /home/galactic/domains/code.galacticframework.org/fcgi-bin/php5.6.fcgi .php5.6 FCGIWrapper /home/galactic/domains/code.galacticframework.org/fcgi-bin/php7.0.fcgi .php7.0 RewriteEngine on RewriteCond %{HTTP_HOST} =webmail.code.galacticframework.org RewriteRule ^(.) https://webmail.airshock.net [R] RewriteCond %{HTTP_HOST} =admin.code.galacticframework.org RewriteRule ^(.) https://code.galacticframework.org:10000/ [R] RemoveHandler .php RemoveHandler .php5 RemoveHandler .php5.6 RemoveHandler .php7.0 FcgidMaxRequestLen 1073741824 allow from all Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi ScriptAlias /AutoDiscover/AutoDiscover.xml /home/galactic/domains/code.galacticframework.org/cgi-bin/autoconfig.cgi ScriptAlias /Autodiscover/Autodiscover.xml /home/galactic/domains/code.galacticframework.org/cgi-bin/autoconfig.cgi ScriptAlias /autodiscover/autodiscover.xml /home/galactic/domains/code.galacticframework.org/cgi-bin/autoconfig.cgi DAV on AuthType Basic AuthName code.galacticframework.org AuthUserFile /home/galactic/domains/code.galacticframework.org/etc/git.basic.passwd Require valid-user Satisfy All RedirectMatch ^/git$ http://code.galacticframework.org/git/gitweb.cgi RedirectMatch ^/git/$ http://code.galacticframework.org/git/gitweb.cgi RewriteEngine off AddHandler cgi-script .cgi ProxyPass /git/ ! ProxyPassReverse /git/ ! Require user gfw RedirectMatch ^/(?!.well-known)(.)$ https://code.galacticframework.org/$1 SuexecUserGroup "#1538" "#1296" ServerAdmin support@airshock.net ServerName code.galacticframework.org ServerAlias www.code.galacticframework.org ServerAlias webmail.code.galacticframework.org ServerAlias admin.code.galacticframework.org ServerAlias autoconfig.code.galacticframework.org ServerAlias autodiscover.code.galacticframework.org DocumentRoot /home/galactic/domains/code.galacticframework.org/site ErrorLog /var/log/virtualmin/vhosts/code.galacticframework.org CustomLog /var/log/virtualmin/access/code.galacticframework.org common Options +ExecCGI +SymLinksifOwnerMatch AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch Order allow,deny Allow from all Require all granted AddType application/x-httpd-php .php AddHandler fcgid-script .php AddHandler fcgid-script .php5 AddHandler fcgid-script .php5.6 AddHandler fcgid-script .php7.0 FCGIWrapper /home/galactic/domains/code.galacticframework.org/fcgi-bin/php7.0.fcgi .php FCGIWrapper /home/galactic/domains/code.galacticframework.org/fcgi-bin/php5.fcgi .php5 FCGIWrapper /home/galactic/domains/code.galacticframework.org/fcgi-bin/php5.6.fcgi .php5.6 FCGIWrapper /home/galactic/domains/code.galacticframework.org/fcgi-bin/php7.0.fcgi .php7.0 RewriteEngine on RewriteCond %{HTTP_HOST} =webmail.code.galacticframework.org RewriteRule ^(.) https://webmail.airshock.net [R] RewriteCond %{HTTP_HOST} =admin.code.galacticframework.org RewriteRule ^(.*) https://code.galacticframework.org:10000/ [R] RemoveHandler .php RemoveHandler .php5 RemoveHandler .php5.6 RemoveHandler .php7.0 FcgidMaxRequestLen 1073741824 allow from all Redirect /mail/config-v1.1.xml /cgi-bin/autoconfig.cgi Redirect /.well-known/autoconfig/mail/config-v1.1.xml /cgi-bin/autoconfig.cgi ScriptAlias /AutoDiscover/AutoDiscover.xml /home/galactic/domains/code.galacticframework.org/cgi-bin/autoconfig.cgi ScriptAlias /Autodiscover/Autodiscover.xml /home/galactic/domains/code.galacticframework.org/cgi-bin/autoconfig.cgi ScriptAlias /autodiscover/autodiscover.xml /home/galactic/domains/code.galacticframework.org/cgi-bin/autoconfig.cgi DAV on AuthType Basic AuthName code.galacticframework.org AuthUserFile /home/galactic/domains/code.galacticframework.org/etc/git.basic.passwd Require valid-user Satisfy All RedirectMatch ^/git$ http://code.galacticframework.org/git/gitweb.cgi RedirectMatch ^/git/$ http://code.galacticframework.org/git/gitweb.cgi RewriteEngine off AddHandler cgi-script .cgi ProxyPass /git/ ! ProxyPassReverse /git/ ! Require user gfw SSLEngine on SSLCertificateFile /home/galactic/domains/code.galacticframework.org/ssl.cert SSLCertificateKeyFile /home/galactic/domains/code.galacticframework.org/ssl.key SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 SSLCACertificateFile /home/galactic/domains/code.galacticframework.org/ssl.ca

The referenced file (/home/galactic/domains/code.galacticframework.org/etc/git.basic.passwd) exists as well and contains the username of the account I added with a hashed password next to it.

How can I solve this problem so I can log in to and begin using my new Git repository? I am using Virtualmin 5.99 Professional on a CentOS 7.3.1611 x64 system with all components up to date.

Status: 
Active

Comments

Can you post what gets logged to the domain's error_log file under /var/log/virtualmin when you try to access your Git repository?

Here is the relevant line from the Apache error log:

[Mon Jun 19 15:48:21.627187 2017] [authz_core:error] [pid 21074:tid 140422525949696] [client 192.168.255.33:37026] AH01631: user gfw: authorization failure for "/git/galactic.git":

Note that 192.168.255.33 is the IP address of the load balancer forwarding requests on to my backend Web nodes.

Oh - "gfw" is the correct username that I was trying to use to log in to the Git repository. I created it using the "Edit Users" page in Virtualmin for the virtual server and double-checked the password as well.

Is the gfw the full username, as shown on the Edit Users page? Typically usernames also have the first part of the domain name appended.

Actually, the full username (as shown on the Edit Users page) is gfw@code.galacticframework.org, but I only put in "gfw" into the login box because I assumed that only the username portion of the e-mail address was required.

What usernames are in /home/galactic/domains/code.galacticframework.org/etc/git.basic.passwd on your system?

Hmm .. are you sure the correct password is being used?

Yes. I even copied and pasted the password from Virtualmin (Edit Users > click on "gfw" user > click "Show" link to open password in a new window). Should LI try changing the password and then seeing what happens? I mean again it was directly copied and pasted so I don't know if changing it would help....

I have the same issue me too.

Maybe it's because I recently changed the user password ?

Or maybe there's an ssh issue ?

What is it with the file from /etc called git.basic.passwd ? I can see a hash string. Is that my password? If so .. then is my old password. What should I do?

EDIT: Yeah. It works with the old password but I have to type it twice.

So the git password wasn't synced with the user's SSH / email password?