(Kali) Can't create GVM user, throws an error "Failed to create user: Invalid characters in user name"

Downgrading to Kali Linux 2022.2 seems to be the only possible solution currently:

Thank you for your response!

BUT, what do you mean my downgrading?
Won’t it be fixed with a future upgrade?
AND how to downgrade?
OR JUST TO USE:
sudo -E -u _gvm -g _gvm gvmd --user=admin --new-password=new_password

BUT, what do you mean my downgrading?

If i understand the user posted that suggestion correctly an older version of Kali has been used which doesn’t show this issue.

Won’t it be fixed with a future upgrade?

Everything indicates that a Kali upgrade (e.g. a specific 3rdparty package got updated) which introduced this problem. If this is indeed a problem in Kali then Greenbone can’t say something on this.

AND how to downgrade?

Hopefully @El_LoCo could share some insight on this.

Just curious is the lesson from this don’t use GVM with Kali as if I have to run a separate Debian install for this etc I can work with that and just remove it from Kali. Strange though as I have been using GVM with Kali for years and never had a problem until now.

AFAICT Kali is based on Debian testing so package bugs might always slip through which could cause such issues.

1 Like

I installed a brand new kali linux on my micro sd card.

I looked for the kali linux image, here :

https://kali.download/arm-images/

there are the old kali linux images.

I am updating kali linux 2022.2.

sudo apt-get dist-upgrade
sudo apt-get update
sudo apt-get upgrade

For the moment I have no problem, Greenbone works well. :+1:

2 Likes

Oh wait seems like there is a bunch of Kali updates that I never had on the weekend that have come through now will see if that helps.

The things that are officially supported from our side are always listed at the Greenbone Community Documentation These are currently the source build and container images for 21.4 and 22.4. If you find an issue in one of these, it is more likely that it gets fixed.

3 Likes

Thanks. Sadly the same error:

gsad gmp:WARNING:2022-09-19 13h08.31 utc:1486: Authentication failure for ‘’ from 10.47.134.50

Blank user ID in the log oh well I think what I will do is remove GVM from Kali and make up a VM dedicated to it on a different distribution.

Guys, I reinstalled the virtual machine here and I didn’t do the “apt upgrade -y” and “apt dist-upgrade -y”, just the “apt update”, the only problem is the upgrade!! after that I managed to create the user with the password!

@JhonezTI sounds like bug in kali library. you should file bug report in kali bug tracker.

Eero

I confirm having the exact same problem on an old install that’s been running for years. The updates from a couple of days before broke something. The webgui sends an empty string instead of the username, hence the “Authentication failure for ‘’ from x.x.x.x” warning in /var/log/gvm/gsad.log.
Creating a new user shows the exact same problems as described above.
I’ve run into an old thread from ~2020 that mentioned a double quoting issue when sending the username to the app server. Could this be the same problem?

Are you sure it’s Kali the real culprit?

We didn’t change any codeline in this regard. Containers, source build and enterprise version are still working fine. It must be an issue in Kali. It’s caused by a regex not working as before that is in our code for years. Personally I would bet for an undesired change in glib.

1 Like

I’ve noticed a few threads in the Kali Bug Tracker regarding this issue as well. It looks indeed like a string manipulation problem.

If it’s glib, shouldn’t more packages get broken really nasty? I mean the problem should have gotten noticed by a lot of people…

It could possibly be an escaping issue but in that case some implicit behavior must have changed. Somebody could just try to install an older glib version.

1 Like

Maybe you could link-up with the Kali guys, someone suggested gsad or one of its components:
https://bugs.kali.org/view.php?id=7926
I’ll cross reference this thread in the Kali thread as well.

The warning is raised in https://raw.githubusercontent.com/greenbone/gvmd/v21.4.5/src/manage_sql.c line 51281 because the validate_username function two lines before fails.

The validate_username function can be founde at https://github.com/greenbone/gvmd/blob/v21.4.5/src/manage.c#L6179 which actually only calls a glib regexp function.

validate_username (const gchar * name)
{
  if (g_regex_match_simple ("^[[:alnum:]-_.]+$", name, 0, 0))
    return 0;
  else
    return 1;
}

that’s it. If somebody finds a culprit here I am happy to fix it.

4 Likes

One additional thing to check could be also using a standard bash shell and a standard terminal:

AFAICT Kali used a highly customized ZSH shell with additional modifications etc., this could also send wrong data (e.g. some additional chars not matching that regex) or similar which could cause this issue.

The same happen on a standard Debian testing with bash so this seems to be not the case.

I’m not able to put any more work / time into triaging which updated package is causing this but if a community member wants to go down the rabbit hole maybe try to install Kali Linux 2022.2 and then update every package from 2022.3 step-wise to determine which updated package had caused this problem.

2 Likes

really now?
Can we have an official response from KALI LINUX Support Team?

@Panos,

No, they need time to investigate, while also handling multiple other things related to maintaining a distribution. They have received bug report(s), but repeated pinging or asking for status updates or responses (here or Kali directly) will not help the situation or speed up the resolution. Thank you for understanding.

1 Like