MOSRS authentication : ERROR checking password

Paul.Gregory · 10 September 2024 04:43

Hi all.

My MOSRS account is now re-activated and I’m getting set up on gadi for the first time (previously I used MOSRS on raijin).

I’ve added the following to ~/.subversion/servers

[groups]
metofficesharedrepos = code*.metoffice.gov.uk

[metofficesharedrepos]
username = XXXXXX # set to your username
store-plaintext-passwords = no

I’ve follow the steps described here: Setup — Aus2200 Training

module purge
module use /g/data/hr22/modulefiles
module load pbs cylc7
mosrs-auth

I’ve followed notes here : https://code.metoffice.gov.uk/trac/home/wiki/AuthenticationCaching

 $ grep  password-stores ~/.subversion/config 
# password-stores = gpg-agent,gnome-keyring,kwallet
# password-stores =

The following generates no output (which is correct):

$ rose config --print-conf -f ~/.subversion/config auth password-stores

But authentication fails with the following error:

$ mosrs-auth
MOSRS username XXXXX # set to your username - change in ~/.subversion/servers
Current project dx2
Checking stored password...
ERROR checking password
HTTP Error 401: Unauthorized

The password I’ve entered is the same to access code.metoffice.gov.uk.

I have membership to ki32, and ki32_mosrs.

Cheers,

Paul

cbengel · 10 September 2024 04:57

Hi Paul,

Just in case this helps, the mosrs-auth is only required when checking out or committing a rose/cylc suite, so in general the authentication in not required all the time.

For research purposes it seems ok to just enter the name and password when running the mosrs-auth with no authentication caching.

That may not suite your purposes though … but may start you running if you are currently feeling stuck.

Best regards,

Chermelle

Paul.Gregory · 10 September 2024 05:50

Thanks Chermelle. Checkout of rose suites was standard BoM practise, I’m not familiar with other methods to obtaining a rose suite. What are they?

How can you run moss-auth with no authentication caching?

Note my MOSRS password works as I can execute the following:

$ fcm info https://code.metoffice.gov.uk/svn/glosea/main/trunk/rose-stem/bin/scitool-run@5989
Authentication realm: <https://code.metoffice.gov.uk:443> Met Office Code
Password for 'XXXXXX': ********************

Path: scitool-run
Name: scitool-run
URL: https://code.metoffice.gov.uk/svn/glosea/main/trunk/rose-stem/bin/scitool-run
Relative URL: ^/main/trunk/rose-stem/bin/scitool-run
Repository Root: https://code.metoffice.gov.uk/svn/glosea
Repository UUID: e14a8879-62c6-4f65-aad6-6a06efb4d672
Revision: 5989
Node Kind: file
Last Changed Author: joemancell
Last Changed Rev: 5989
Last Changed Date: 2023-06-20 19:35:03 +1000 (Tue, 20 Jun 2023)

Scott · 11 September 2024 00:28

Try the --force flag to make mosrs-auth request a password

Paul.Gregory · 11 September 2024 01:34

Hi Scott. I tried --force yesterday to no avail.

I’m going to look into the python calls within the mosrs-auth script and try to get a minimum working example up and running in python.

Aidan · 11 September 2024 02:59

Paul.Gregory:

I’ve added the following to ~/.subversion/servers

[groups]
metofficesharedrepos = code*.metoffice.gov.uk

[metofficesharedrepos]
username = XXXXXX # set to your username
store-plaintext-passwords = no

I assume you’re putting your actual username in that file and are obscuring it for security, which is good practice.

On that assumption it is worth checking the whole ~/.subversion/servers file. I had an error when I added something like that to the end, but there was already a [groups] defined, so it threw an error to that effect that was swallowed by the mosrs-auth script.

Paul.Gregory · 11 September 2024 05:02

Ok I solved it.

I created a python test script to see what the inputs mosrs-auth was passing to the urllib request.

The actual value of user inside the python script is

In [3]: user
Out[3]: 'myusername # set to your username'

I assumed that a bash comment would be ignored by the script. Not so - indeed the stdout from mosrs-auth was

MOSRS username XXXXX # set to your username - change in ~/.subversion/servers
Current project dx2

So all I did was change my ~/.subversion/config entry from

username = xxxxxxxx # set to your username

to

username = xxxxxxxx

And authentication works.

Onwards and upwards.

nathan-e · 21 March 2025 03:27

Thanks for chasing down this error @Paul.Gregory - I’ve just come back to checking out suites and had this exact issue. Fixed by removing the # set to your username comment

I just blindly copied the mosrs-auth auth cacheing advice into my subversion config file and left the comment there

A win for the ACCESS-Hive and one less thing I have to bug Scott with

Paul.Gregory · 21 March 2025 03:49

It’s good not to bug Scott with things like this

Topic		Replies	Views
MOSRS auth recently failing on Gadi Infrastructure	1	26	3 March 2025
Mosrs-auth not working after maintenance Unified Model help , um , solved	12	143	6 May 2024
First-time ACCESS-ESM1.5 user: how to request MOSRS account Earth System Model help , inscope , access-esm	7	99	27 February 2025
ACCESS/ROSE cannot access to Gadi Technical	2	444	11 May 2023
Rose-cylc broken General help , outofscope	4	44	6 January 2025

MOSRS authentication : ERROR checking password

Related topics