[one-users] Sunstone and x509 Authentication
Faarooq Lowe
lowe at fnal.gov
Thu Dec 15 15:13:12 PST 2011
We are still having problems getting sunstone to work with x509
authentication.
Could someone please advise?
Here is what we have
sunstone-server.conf
# Server Configuration
:host: 127.0.0.1
:port: 9869
# Authentication driver for incoming requests
# sunstone, for OpenNebula's user-password scheme
# x509, for x509 certificates based authentication
#:auth: sunstone
:auth: x509
# Authentication driver to communicate with OpenNebula core
# cipher, for symmetric cipher encryption of tokens
# x509, for x509 certificate encryption of tokens
#:core_auth: server_cipher
:core_auth: x509
# Life-time in seconds for token renewal (that used to handle OpenNebula auths)
:token_expiration_delta: 1800
server_x509_auth.conf
# User to be used for x509 server authentication
:srv_user: serveradmin
# Path to the certificate used by the OpenNebula Services
# Certificates must be in PEM format
:one_cert: "/etc/grid-security/hostcert.pem"
:one_key: "/etc/grid-security/hostkey.pem"
serveradmin information
-bash-3.2$ oneuser show 1
USER 1 INFORMATION
ID : 1
NAME : serveradmin
GROUP : 0
PASSWORD : <DN with no spaces>
AUTH_DRIVER : x509
ENABLED : Yes
USER TEMPLATE
Logs
oned.log
Thu Dec 15 17:04:28 2011 [AuM][E]: Auth Error: undefined method `public_key' for nil:NilClass
sunstone.log
131.225.168.168 - - [15/Dec/2011 17:03:26] "GET / HTTP/1.1" 200 1384 0.0037
131.225.168.168 - - [15/Dec/2011 17:04:28] "POST /login HTTP/1.1" 500 61 0.0802
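
An added example, not part of the original post and not OpenNebula's own code: a Ruby pre-flight check for the PEM files named by :one_cert and :one_key in the configuration above. It confirms that both parse, that the key matches the certificate and that the certificate is inside its validity window, then prints the subject DN with spaces removed as in the PASSWORD field. The function names and the self-signed sample pair are constructed for illustration.

```ruby
require 'openssl'

# Returns a list of problems with a certificate/key pair (empty if usable).
def check_x509_pair(cert_pem, key_pem, now = Time.now)
  problems = []
  cert = begin
    OpenSSL::X509::Certificate.new(cert_pem)
  rescue OpenSSL::X509::CertificateError
    problems << 'certificate is not valid PEM/DER'
    nil
  end
  key = begin
    OpenSSL::PKey.read(key_pem)
  rescue OpenSSL::PKey::PKeyError
    problems << 'key is not a readable private key'
    nil
  end
  if cert && !(cert.not_before..cert.not_after).cover?(now)
    problems << 'certificate is outside its validity window'
  end
  if cert && key && !(key.private? && cert.check_private_key(key))
    problems << 'private key does not match certificate'
  end
  problems
end

# Subject DN with spaces removed, the form shown in the PASSWORD field above.
def dn_without_spaces(cert_pem)
  OpenSSL::X509::Certificate.new(cert_pem).subject.to_s.delete(' ')
end

# Constructed sample: a throwaway self-signed certificate and its key.
def sample_pair(cn)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/O=Example Grid/CN=#{cn}")
  cert.public_key = key.public_key
  cert.not_before, cert.not_after = Time.now - 60, Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
  [cert.to_pem, key.to_pem]
end

if __FILE__ == $PROGRAM_NAME
  cert_pem, key_pem = ARGV.size == 2 ? ARGV.map { |f| File.read(f) } : sample_pair('host.example.org')
  problems = check_x509_pair(cert_pem, key_pem)
  puts problems.empty? ? "OK, DN: #{dn_without_spaces(cert_pem)}" : problems
end
```

Run with the certificate and key paths as two arguments to check real files; with no arguments it checks the constructed sample pair.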