Configuring the Salt API - Java

I am trying to use Salt-Api , so I created salt-api.conf in /etc/salt/master.d/ as follows:

 external_auth: pam: saltuser: - .* - '@wheel' # to allow access to all wheel modules - '@runner' # to allow access to all runner modules - '@jobs' # to allow access to the jobs runner and/or wheel module rest_cherrypy: port: 8000 ssl_crt: /etc/pki/tls/certs/localhost.crt ssl_key: /etc/pki/tls/certs/localhost.key disable_ssl: True webhook_disable_auth: True webhook_url: /hook 

the user in /etc/salt/master set as user: root . Therefore, when I try to authenticate with pam locally, it works:

 sudo salt -a pam '*' test.ping username: saltuser password: saltuser minion: True 

However, when I try to use curl, it fails:

 curl -i http://localhost:8000/login -H "Accept: application/json" -d username='saltuser' -d password='saltuser' -d eauth='pam' HTTP/1.1 401 Unauthorized Content-Length: 760 Access-Control-Expose-Headers: GET, POST Vary: Accept-Encoding Server: CherryPy/3.5.0 Allow: GET, HEAD, POST Access-Control-Allow-Credentials: true Date: Mon, 16 Jan 2017 05:51:48 GMT Access-Control-Allow-Origin: * Content-Type: text/html;charset=utf-8 Set-Cookie: session_id=f4c747f23e95ea7742a11a6e6cef146b91a31737; expires=Mon, 16 Jan 2017 15:51:48 GMT; Path=/ <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"></meta> <title>401 Unauthorized</title> <style type="text/css"> #powered_by { margin-top: 20px; border-top: 2px solid black; font-style: italic; } #traceback { color: red; } </style> </head> <body> <h2>401 Unauthorized</h2> <p>Could not authenticate using provided credentials</p> <pre id="traceback"></pre> <div id="powered_by"> <span> Powered by <a href="http://www.cherrypy.org">CherryPy 3.5.0</a> </span> </div> </body> </html> 

Thus, I cannot connect to the Java client or to the Python client. What am I missing in my configuration? salt-master already running as root. From my Java code:

 import com.suse.salt.netapi.AuthModule; import com.suse.salt.netapi.calls.WheelResult; import com.suse.salt.netapi.calls.wheel.Key; import com.suse.salt.netapi.client.SaltClient; import com.suse.salt.netapi.exception.SaltException; import java.net.URI; import java.util.Optional; /** * Example code calling wheel functions. */ public class Salt { private static final String SALT_API_URL = " http://localhost:8000"; private static final String USER = "saltuser"; private static final String PASSWORD = "saltuser"; public static void main(String[] args) throws SaltException { // Init the client SaltClient client = new SaltClient(URI.create(SALT_API_URL)); // List accepted and pending minion keys WheelResult<Key.Names> keyResults = Key.listAll().callSync( client, USER, PASSWORD, AuthModule.AUTO); Key.Names keys = keyResults.getData().getResult(); System.out.println("\n--> Accepted minion keys:\n"); keys.getMinions().forEach(System.out::println); System.out.println("\n--> Pending minion keys:\n"); keys.getUnacceptedMinions().forEach(System.out::println); // Generate a new key pair and accept the public key WheelResult<Key.Pair> genResults = Key.genAccept("new.minion.id", Optional.empty()) .callSync(client, USER, PASSWORD, AuthModule.AUTO); Key.Pair keyPair = genResults.getData().getResult(); System.out.println("\n--> New key pair:"); System.out.println("\nPUB:\n\n" + keyPair.getPub()); System.out.println("\nPRIV:\n\n" + keyPair.getPriv()); } } com.suse.salt.netapi.exception.SaltUserUnauthorizedException: Salt user does not have sufficient permissions at com.suse.salt.netapi.client.impl.HttpClientConnection.createSaltException(HttpClientConnection.java:217) at com.suse.salt.netapi.client.impl.HttpClientConnection.executeRequest(HttpClientConnection.java:204) at com.suse.salt.netapi.client.impl.HttpClientConnection.request(HttpClientConnection.java:85) at com.suse.salt.netapi.client.impl.HttpClientConnection.getResult(HttpClientConnection.java:73)