[one-users] Sunstone issue

Daniel Molina dmolina at opennebula.org
Mon Oct 24 06:14:09 PDT 2011


On 20 October 2011 17:48, Faarooq Lowe <lowe at fnal.gov> wrote:
>
> We are using x509 to authenticate across the board and our KCA credentials work fine using command line and running one commands from the shell.  However, when we attempt to log into sunstone we receive the following error:
>
> Wed Oct 19 13:11:20 2011 [AuM][I]: Command execution fail: /var/lib/one/remotes/auth/server/authenticate lowe </SUBJECT of the certificate>  <HUGE hash string>
> Wed Oct 19 13:11:20 2011 [AuM][D]: Message received: LOG E 617 login token expired
>

When the login token is generated you have to define an expiration time
for the token. It looks like your token is not valid and you should
generate a new one.

>
> Now using our x509 DOE certificate we are allowed to get in.  Now the only difference I see is our KCA has a colon in it as opposed to our DOE which does not.  I recall hearing there were issues with colons and parsing, is that still an issue in the general release?  If not, is there a fix that should be applied to our installation?

In OpenNebula 3.0, passwords containing colons are not supported, so
certificates whose DNs contain colons cannot be authenticated. We
are solving this limitation for OpenNebula 3.2. I will let you know
when the code is ready in the repo. You can follow its development
in the following ticket:

http://dev.opennebula.org/issues/847

Cheers.

--
Daniel Molina
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | @dmamolina


