[one-users] Sunstone expired token issue using x509

Emmanuel Mathot emmanuel.mathot at gmail.com
Wed Nov 16 08:58:49 PST 2011 

That would be very useful. If at least we can specify a validity time, this is fine.

Thank you.


On 16 Nov 2011, at 17:42, Steven Timm wrote:

> We saw this happen too, they gave us a patch to expand the token
> to 1 hour--if you want details we can dig them up and send them.
> It's just changing one argument in one of the ruby files.
> 
> Steve Timm
> 
> 
> On Wed, 16 Nov 2011, Emmanuel Mathot wrote:
> 
>> Hello,
>> 
>> I configured (a bit painfully but successfully) all the authentication mechanism with X509 either from CLI or sunstone (SSL proxy).
>> Unfortunately from the cloud operations center, the token generated by sunstone (not sure) does not last very long and after a very short time (2min?), it is necessary to reload the page from the browser in order to recreate a token.
>> 
>> oned.log:
>> 
>> Wed Nov 16 17:32:35 2011 [AuM][D]: Message received: AUTHENTICATE FAILURE 668 login token expired
>> 
>> Wed Nov 16 17:32:35 2011 [AuM][E]: Auth Error: login token expired
>> Wed Nov 16 17:32:35 2011 [ReM][E]: [HostPoolInfo] User couldn't be authenticated, aborting call.
>> Wed Nov 16 17:32:47 2011 [ReM][D]: ImagePoolInfo method invoked
>> Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG I 669 Command execution fail: /var/lib/one/remotes/auth/server/authenticate emathot <DN>  <token>
>> 
>> Wed Nov 16 17:32:47 2011 [AuM][I]: Command execution fail: /var/lib/one/remotes/auth/server/authenticate emathot <DN>  <token>
>> Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG E 669 login token expired
>> 
>> Wed Nov 16 17:32:47 2011 [AuM][I]: login token expired
>> Wed Nov 16 17:32:47 2011 [AuM][D]: Message received: LOG I 669 ExitCode: 255
>> 
>> Is there any way to increase this token expiration time?
>> 
>> Regards,
>> 
>> Emmanuel Mathot
> 
> -- 
> ------------------------------------------------------------------
> Steven C. Timm, Ph.D  (630) 840-8525
> timm at fnal.gov  http://home.fnal.gov/~timm/
> Fermilab Computing Division, Scientific Computing Facilities,
> Grid Facilities Department, FermiGrid Services Group, Group Leader.
> Lead of FermiCloud project.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1627 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20111116/567f2d5b/attachment-0003.bin>

More information about the Users mailing list