[one-users] What happens to JAVA OCA if I turn on certificate based authentication ?

Gian Uberto Lauri saint at eng.it
Fri Nov 11 14:01:01 PST 2011


On 11/11/11 19:05, Carlos Martín Sánchez wrote:
> Hi,
>
> It should read the token generated by 'oneuser login' and keep working
> as usual.

Sorry, I do not get you. The Client class in Java OCA wants a user name
and a secret in version 2 and also in version 3 if I am not wrong.

So, how does authentication work when I use such a Client instance
to contact OpenNebula from within a Java program?

Does the Java program shell out to oneuser? And with which credentials?

Or may I have both base authentication and, say, LDAP? It seems I can't
have both base and X509-based authentication if I understood the docs from
release 3 correctly.

I am asking these questions because I am working on an OCCI front end 
that accepts OVF messages and uses OCA to contact OpenNebula, acting as 
a sort of translator OVF->Template.

Now we are building the authentication part. The OCCI front end uses
certificate-based authentication when receiving a user request, and
then it must authenticate itself in OpenNebula with an identity matching
that of the user that made the original request.

Cutting out any access to OpenNebula other than this OCCI
front-end could solve the problem easily, but if I want to let some
users access the cloud through Sunstone the original solution does
not work well...


> Regards.
> --
> Carlos Martín, MSc
> Project Engineer
> OpenNebula - The Open Source Toolkit for Data Center Virtualization
> www.OpenNebula.org <http://www.OpenNebula.org> | cmartin at opennebula.org
> <mailto:cmartin at opennebula.org> | @OpenNebula
> <http://twitter.com/opennebula> <mailto:cmartin at opennebula.org>
>
>
> On Fri, Nov 11, 2011 at 5:20 PM, Gian Uberto Lauri <saint at eng.it
> <mailto:saint at eng.it>> wrote:
>
>     Hello gentlemen!
>
>     JAVA OCA Client object relies on the user/secret authentication. What
>     happens to OCA when one turns on an external means of authentication,
>     maybe certificates or LDAP?



-- 
ing. Gian Uberto Lauri
Ricercatore / Researcher
Laboratorio Ricerca e Sviluppo / Research & Development Lab.
Area Calcolo Distribuito / Distributed Computation Area

GianUberto.Lauri at eng.it

Engineering Ingegneria Informatica spa
Corso Stati Uniti 23/C, 35127 Padova (PD)
Tel. +39-049.8283.571         | main(){printf(&unix["\021%six\012\0"],
Fax  +39-049.8283.569             |    (unix)["have"]+"fun"-0x60);}
Skype: gian.uberto.lauri          |          David Korn, AT&T Bell Labs
http://www.eng.it                 |          ioccc best One Liner, 1987


