[one-users] OCCI opennebula user authentication 401 failure

Daniel Molina dmolina at opennebula.org
Tue Dec 20 07:09:52 PST 2011 

Hi Stefano,

On 15 December 2011 15:27, Stefano Ghio <steghio at eng.it> wrote:
> Cheers,
>
> I have some questions about OCCI authentication with ONE.
>
> I set up ONE and the OCCI server fine.
>
> I start them with "./onestart.sh" and "occi-server start".
> I have 2 users: oneadmin:oneadmin and test:test. The second one was
> created with "oneuser create test test".
>
> The OCCI server is configured in /etc/one/occi-server.conf with:
>
>   * :auth: basic
>   * :server: localhost
>   * :port: 4567
>
> The machine is reachable at IP 192.168.23.44
>
> If I send a cURL:
>
> curl http://test:test@192.168.23.44:4567/-/
>
> I always get a 401 Authentication Failure. Using oneadmin:oneadmin does
> not change anything.
>
> I can easily access ONE configuration through the Sunstone interface
> with oneadmin:oneadmin though it does not use OCCI so I don't think it's
> related to my problem.
>
> I tried with curl --basic --user test:test http://etc.. and curl -X GET
> etc.. but no luck.
>
> It only works if I send the request with test:sha1(test) which implies I
> must sha1 the password before sending the request

You have to hash the password before sending it with curl

>
>   * How do I send a proper request to the OCCI server with cURL?
>   * As last resort, how can I disable authentication? Documentation [1]
>     only says either "basic" or "x509". I tried "none" and "false" but
>     it didn't work, I got a 500 Internal server error since ":auth:" was
>     not specified properly
>

The authentication cannot be disabled from the configuration file. It
would need a bit of hacking, but if you are interested I can show you
what changes should be made in the code.

Cheers.

> I'm just using cURL to test if it's working properly, as I will later
> try to do the same from a Java client. Which leads me to the next
> question: where do I find a Java client which supports user
> authentication? I tried occi4java[2] which looks pretty complete but
> nowhere I found the possibility to pass the "user:pass" parameter.
>
> Thank you,
>
> have a nice day
>
> [1] http://opennebula.org/documentation:rel3.0:occicg#authorization_methods
> [2] https://github.com/occi4java/occi4java
> --
> Dr. Stefano Ghio - ENG Engineering Italy
>
> Website: http://groglogs.blogspot.com/
>
> If you received this message but you are not its recipient, please ignore it
> and warn me, thank you.
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>



-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula

More information about the Users mailing list