[one-users] Sunstone and x509 Authentication

Faarooq Lowe lowe at fnal.gov
Thu Dec 15 15:13:12 PST 2011


We are still having problems getting sunstone to work with x509 
authentication.

Could someone please advise?

Here is what we have

sunstone-server.conf

# Server Configuration
:host: 127.0.0.1
:port: 9869

# Authentication driver for incomming requests
#   sunstone, for OpenNebula's user-password scheme
#   x509, for x509 certificates based authentication
#:auth: sunstone
:auth: x509

# Authentication driver to communicate with OpenNebula core
#   cipher, for symmetric cipher encryption of tokens
#   x509, for x509 certificate encryption of tokens
#:core_auth: server_cipher
:core_auth: x509

# Life-time in seconds for token renewal (that used to handle OpenNebula 
auths)
:token_expiration_delta: 1800

server_x509_auth.conf

# User to be used for x509 server authentication

:srv_user: serveradmin

# Path to the certificate used by the OpenNebula Services
# Certificates must be in PEM format

:one_cert: "/etc/grid-security/hostcert.pem"
:one_key: "/etc/grid-security/hostkey.pem"

serveradmin information

-bash-3.2$ oneuser show 1
USER 1 INFORMATION
ID             : 1
NAME           : serveradmin
GROUP          : 0
PASSWORD       : <DN with no spaces>
AUTH_DRIVER    : x509
ENABLED        : Yes

USER TEMPLATE

Logs

oned.log

Thu Dec 15 17:04:28 2011 [AuM][E]: Auth Error: undefined method 
`public_key' for nil:NilClass

sunstone.log

131.225.168.168 - - [15/Dec/2011 17:03:26] "GET / HTTP/1.1" 200 1384 0.0037
131.225.168.168 - - [15/Dec/2011 17:04:28] "POST /login HTTP/1.1" 500 61 
0.0802








More information about the Users mailing list