[one-users] x509 Auth Failing after 24 hours

Anthony Tiradani tiradani at fnal.gov
Thu Dec 15 20:01:08 PST 2011


I should also mention that this is an OpenNebula 3.1 installation (via 
the rpm) on Scientific Linux 6.1.  I have the DEBUG setting set to 3 
which according to the comments in oned.conf should be the most verbose.

In trying to debug, I used the authenticate script in 
/var/lib/one/remotes/auth/x509 which imports and uses 
/usr/lib/one/ruby/x509_auth.rb.  If I take the token that is decrypted 
from the file /var/lib/one/.one/one_x509 I can perform openssl 
operations on it and verify it.  If I run the values through the 
authenticate script, I find that there is a problem parsing the CA 
chain.  When it calculates the hash value for the CA, it is dropping a 
leading 0 which makes the file path invalid.  Could this be the problem?

Thanks,

Anthony Tiradani
tiradani at fnal.gov
+1 630 840 4479
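
Added example (not part of the original message and not OpenNebula's code): a sketch of how a dropped leading zero in the CA hash breaks the lookup in a hashed CA directory, and how zero-padding to 8 hex digits avoids it. It assumes the hash is rendered with an unpadded hex conversion such as `Integer#to_s(16)`; the subject names, directory and function names are hypothetical.

```ruby
require 'openssl'
require 'tmpdir'
require 'fileutils'

# Unpadded rendering (assumed cause): Integer#to_s(16) drops leading zeros,
# so a hash of 0x0a1b2c3d becomes "a1b2c3d.0".
def ca_file_unpadded(name)
  name.hash.to_s(16) + '.0'
end

# Padded rendering: always 8 hex digits, matching what `openssl x509 -hash`
# prints and how c_rehash names files in a CA directory.
def ca_file_padded(name)
  format('%08x.0', name.hash)
end

# Constructed sample: try made-up subject names until one hashes below
# 0x10000000, i.e. its 8-digit hex form starts with "0" (about 1 in 16).
def sample_name_with_leading_zero
  (1..10_000).each do |i|
    name = OpenSSL::X509::Name.parse("/O=Example Grid/CN=Constructed Test CA #{i}")
    return name if name.hash < 0x1000_0000
  end
  raise 'no sample name found'
end

# Create a temporary hashed CA directory containing the correctly named
# file, then check whether each rendering finds it.
def lookup_results(name)
  Dir.mktmpdir do |ca_dir|
    FileUtils.touch(File.join(ca_dir, ca_file_padded(name)))
    {
      unpadded: File.exist?(File.join(ca_dir, ca_file_unpadded(name))),
      padded:   File.exist?(File.join(ca_dir, ca_file_padded(name)))
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  name = sample_name_with_leading_zero
  puts "subject:  #{name}"
  puts "unpadded: #{ca_file_unpadded(name)}"
  puts "padded:   #{ca_file_padded(name)}"
  p lookup_results(name)
end
```

Only CAs whose hash happens to start with 0 are affected, which is why the same setup can work for one issuing CA and fail for another.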


On 12/15/11 5:07 PM, Anthony Tiradani wrote:
> This is the only message I get in oned.log:
>
> Thu Dec 15 17:05:47 2011 [ReM][E]: [HostPoolInfo] User couldn't be
> authenticated, aborting call.
>
> I am running onehost list when I see that error.
>
> Anthony Tiradani
> tiradani at fnal.gov
> +1 630 840 4479
>
>
> On 12/15/2011 03:40 PM, Ruben S. Montero wrote:
>> Hi,
>>
>> Could you send the messages in oned.log file? You should see there
>> messages from the driver describing the error...
>>
>> Cheers
>>
>> Ruben
>>
>> On Thu, Dec 15, 2011 at 5:31 PM, Anthony Tiradani<tiradani at fnal.gov>  wrote:
>>> Hi,
>>>
>>> I am trying to set up OpenNebula with x509 authentication.  I am using
>>> sqlite as the DB back end for now.  I am following the documentation
>>> here: http://opennebula.org/documentation:rel3.0:x509_auth
>>>
>>> I've configured everything correctly as far as I can tell.  I can
>>> successfully use x509 to log in, but after 24 hours (no matter what I set
>>> the expire time to with the --time argument) I get error messages saying
>>> that the user couldn't be authenticated.
>>>
>>> I've tried re-running the "oneuser login ..." command to no avail.  The
>>> only thing that works is if I delete one.db and restart OpenNebula.
>>> Then I can log in just fine, but all the configuration that I have done
>>> is lost.  What do I have to do to fix this?
>>>
>>> Thanks,
>>>
>>> --
>>> Anthony Tiradani
>>> tiradani at fnal.gov
>>> +1 630 840 4479
>>>
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>
>
>