[one-users] XML-RPC API 2.2 - Session string when ssh authentication

[Daniel Molina]

Hi Javier,

On 20 September 2011 22:39, Javier Diaz <javier.diazmontes at gmail.com> wrote:
> I am using OpenNebula 2.2 and I have a program that interact with it using
> the XML-RPC API for python. The authentication in OpenNebula has been
> configured to use the ssh keys.
>
> I can interact with OpenNebula using the oneadmin user with a session string
> like <username>:<SHA1(password)>. However, when I try to do the same for a
> normal user <username>:<SHA1(public_sshkey)> it does not work. I have tried
> different session string but I didn't find the right one. So, what is the
> structure of the session string that I need to use?

The token structure in OpenNebula 2.2 should be as follows:
<username>:plain:<encripted_token>
and the encripted_token will contain the text
"username:expiratiion_time" encripted with the user private key.

This token can be automatically generated using the ''oneauth login''
[1] command. You can check the source code of this method in the
following link [2]

FYI, we have added a new auth module to OpenNebula 3.0. With this new
driver you can authenticate using x509 cerfiticates, ssh or even build
your own auth system. For more information check the 3.0
documentation. [3]

Moreover the OpenNebula default auth system has been extended and you
can create groups, set ACLs for specific users, groups or resources
and set quotas. [4]

Kind regards.

LINKS
OpenNebula 2.2
[1] SSH login:
http://www.opennebula.org/documentation:archives:rel2.2:users#ssh
[2] oneauth login source:
https://github.com/OpenNebula/one/blob/one-2.2/src/authm_mad/ssh_auth.rb#L76

OpenNebula 3.0
[3] External Auth:
http://www.opennebula.org/documentation:rel3.0:external_auth
[4] Auth Subsystem:
http://www.opennebula.org/documentation:rel3.0:auth_overview

-- 
Daniel Molina, Cloud Technology Engineer
Major Contributor
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | dmolina at opennebula.org