[one-users] x509 Auth Failing after 24 hours

Daniel Molina dmolina at opennebula.org
Fri Dec 16 09:53:19 PST 2011


Hi,

On 16 December 2011 05:01, Anthony Tiradani <tiradani at fnal.gov> wrote:
> I should also mention that this is an OpenNebula 3.1 installation (via the
> rpm) on Scientific Linux 6.1.  I have the DEBUG setting set to 3 which
> according to the comments in oned.conf should be the most verbose.
>

The logs should show more information, something like:

Fri Dec 16 09:49:45 2011 [AuM][D]: Message received: AUTHENTICATE SUCCESS 1526 -

and in case of FAILURE it will contain information about it.

> In trying to debug, I used the authenticate script in
> /var/lib/one/remotes/auth/x509 which imports and uses
> /usr/lib/one/ruby/x509_auth.rb.  If I take the token that is decrypted from
> the file /var/lib/one/.one/one_x509 I can perform openssl operations on it
> and verify it.  If I run the values through the authenticate script, I find
> that there is a problem parsing the CA chain.  When it calculates the hash
> value for the CA, it is dropping a leading 0 which makes the file path
> invalid.  Could this be the problem?

Would you mind trying with a symlink and checking if that fixes the problem?

Kind regards.

>
> Thanks,
>
> Anthony Tiradani
> tiradani at fnal.gov
> +1 630 840 4479
>
>
> On 12/15/11 5:07 PM, Anthony Tiradani wrote:
>
> This is the only message I get in oned.log:
>
> Thu Dec 15 17:05:47 2011 [ReM][E]: [HostPoolInfo] User couldn't be
> authenticated, aborting call.
>
> I am running onehost list when I see that error.
>
> Anthony Tiradani
> tiradani at fnal.gov
> +1 630 840 4479
>
>
> On 12/15/2011 03:40 PM, Ruben S. Montero wrote:
>
> Hi,
>
> Could you send the messages in oned.log file? You should see there
> messages from the driver describing the error...
>
> Cheers
>
> Ruben
>
> On Thu, Dec 15, 2011 at 5:31 PM, Anthony Tiradani <tiradani at fnal.gov> wrote:
>
> Hi,
>
> I am trying to set up OpenNebula with x509 authentication.  I am using
> sqlite as the DB back end for now.  I am following the documentation
> here: http://opennebula.org/documentation:rel3.0:x509_auth
>
> I've configured everything correctly as far as I can tell.  I can
> successfully use x509 to login, but after 24 hours (no matter what I set
> the expire time to with the --time argument) I get error messages saying
> that the user couldn't be authenticated.
>
> I've tried re-running the "oneuser login ..." command to no avail.  The
> only thing that works is if I delete one.db and restart OpenNebula.
> Then I can log in just fine, but all the configuration that I have done
> is lost.  What do I have to do to fix this?
>
> Thanks,
>
> --
> Anthony Tiradani
> tiradani at fnal.gov
> +1 630 840 4479
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
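
The leading-zero problem described in the quoted message, as an added example that is not part of the original thread and not OpenNebula's code: OpenSSL-style hashed CA directories name files with an 8-digit zero-padded hex subject hash, so an unpadded rendering misses the file. The helper names, the constructed hash value and the assumption that the hash was rendered with `to_s(16)` are illustrative only.

```ruby
require 'openssl'
require 'tmpdir'
require 'fileutils'

# Hashed CA directories (the c_rehash convention) name each file
# <8 hex digits>.<n>, so the subject hash must be zero-padded.
def hashed_name(name_hash, index = 0)
  format('%08x.%d', name_hash, index)
end

# Assumed faulty rendering: Integer#to_s(16) drops leading zeros.
def unpadded_name(name_hash, index = 0)
  "#{name_hash.to_s(16)}.#{index}"
end

# Look up a CA file the way a chain check would; returns the path or nil.
def find_ca_file(ca_dir, file_name)
  path = File.join(ca_dir, file_name)
  File.exist?(path) ? path : nil
end

# Returns [found_with_padded_name, found_with_unpadded_name].
def demo(name_hash)
  Dir.mktmpdir do |ca_dir|
    # Empty stand-in for the CA certificate file in the hashed directory.
    FileUtils.touch(File.join(ca_dir, hashed_name(name_hash)))
    [!find_ca_file(ca_dir, hashed_name(name_hash)).nil?,
     !find_ca_file(ca_dir, unpadded_name(name_hash)).nil?]
  end
end

# Constructed hash value whose first hex digit is zero.
CONSTRUCTED_HASH = 0x0a1b2c3d

# File name for a subject DN, using the Integer that
# OpenSSL::X509::Name#hash returns.
def subject_file_name(subject)
  hashed_name(OpenSSL::X509::Name.parse(subject).hash)
end

if __FILE__ == $PROGRAM_NAME
  puts hashed_name(CONSTRUCTED_HASH)
  puts unpadded_name(CONSTRUCTED_HASH)
  p demo(CONSTRUCTED_HASH)
  puts subject_file_name('/DC=org/DC=example/CN=Example CA')
end
```

A symlink from the unpadded name to the real file, as suggested in the reply, makes the second lookup succeed without changing the code.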


