[Nfd-dev] Auto prefix propagation on multiple machines

Junxiao Shi shijunxiao at email.arizona.edu
Wed Mar 22 07:54:58 PDT 2017


Hi Jongdeog

“authorization reject” is the message used in the management dispatcher on ControlResponse with code 403.
NFD-RIB commands on /localhop/nfd/rib prefix is verified by the trust schema defined on rib.localhop_security config section.
If you are getting 403 in reply to a prefix registration command, this means the command is not authenticated or authorized by that trust schema.

It’s intentional to hide the detailed error from the client, to prevent leaking sensitive information.
Currently, the detailed error isn’t logged on the server (router) side either. You may try to add logging to the authorization function <https://github.com/named-data/NFD/blob/d396b61ba14a84b34d3ae65db4530062f7d43301/rib/rib-manager.cpp#L331>, and install the re-compiled version on the router.

Yours, Junxiao

> On Mar 17, 2017, at 1:59 PM, Lee, Jongdeog <jlee700 at illinois.edu> wrote:
> what are the conditions that the NDN node replies this error message to the producer regarding auto prefix registration: "authorization rejected"
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.lists.cs.ucla.edu/pipermail/nfd-dev/attachments/20170322/a570e30c/attachment.html>


More information about the Nfd-dev mailing list