[one-users] Sunstone login failure - bad decrypt
Hector Sanjuan
hsanjuan at opennebula.org
Mon Apr 9 08:27:10 PDT 2012
Hello,

The server admin password in OpenNebula is SHA1 hashed. Try:

    oneuser passwd 1 password --sha1

Hope it helps,
Hector
On Mon, 09 Apr 2012 16:48:12 +0200, Carlos Jiménez
<cjimenez at eneotecnologia.com> wrote:
> Hi Carlos,
>
> According to the part of the update of the serveradmin password, I
> thought it was enough using 'oneuser passwd' command. It seems I was
> wrong. Therefore, I've tried this:
> 1. 'oneuser passwd 1 password'
> 2. Editing sunstone_auth and modifying the password field (from
> "32e5b0cdcc08c836dfac6a598695fd2e84acebc0" to "password").
> 3. Log in to the Sunstone Web Interface with oneadmin credentials
>
> I think that matches the procedure explained in the documentation.
> However, the result has been the same as previously (failure), but in
> this case, oned.log showed a message related to the use of a key length
> too short. This is the output:
>
> Mon Apr 9 16:28:17 2012 [ReM][D]: UserPoolInfo method invoked
> Mon Apr 9 16:28:17 2012 [AuM][D]: Message received: LOG I 0 Command
> execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate
> 'serveradmin' 'password'
> JiInGlGUMB3IBo5GK9w3q9POxvRC8z/NdZLtEQpuno4jkwpY1kQDn0gO4ao3hol/
> Mon Apr 9 16:28:17 2012 [AuM][I]: Command execution fail:
> /var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin'
> 'password'
> JiInGlGUMB3IBo5GK9w3q9POxvRC8z/NdZLtEQpuno4jkwpY1kQDn0gO4ao3hol/
> Mon Apr 9 16:28:17 2012 [AuM][D]: Message received: LOG E 0 key length
> too short
> Mon Apr 9 16:28:17 2012 [AuM][I]: key length too short
> Mon Apr 9 16:28:17 2012 [AuM][D]: Message received: LOG I 0 ExitCode:
> 255
> Mon Apr 9 16:28:17 2012 [AuM][I]: ExitCode: 255
> Mon Apr 9 16:28:17 2012 [AuM][D]: Message received: AUTHENTICATE
> FAILURE 0 key length too short
> Mon Apr 9 16:28:17 2012 [AuM][E]: Auth Error: key length too short
> Mon Apr 9 16:28:17 2012 [ReM][E]: [UserPoolInfo] User couldn't be
> authenticated, aborting call.
>
>
> Additional information:
>
> ### sunstone_auth ###
> serveradmin:password
>
> ### 'oneuser list -x' ###
> <USER_POOL>
> <USER>
> <ID>0</ID>
> <GID>0</GID>
> <GNAME>oneadmin</GNAME>
> <NAME>oneadmin</NAME>
> <PASSWORD>b29f6e6fed87fb100ae2e5921d66eb76d5670af7</PASSWORD>
> <AUTH_DRIVER>core</AUTH_DRIVER>
> <ENABLED>1</ENABLED>
> <TEMPLATE/>
> </USER>
> <USER>
> <ID>1</ID>
> <GID>0</GID>
> <GNAME>oneadmin</GNAME>
> <NAME>serveradmin</NAME>
> <PASSWORD>password</PASSWORD>
> <AUTH_DRIVER>server_cipher</AUTH_DRIVER>
> <ENABLED>1</ENABLED>
> <TEMPLATE/>
> </USER>
> </USER_POOL>
>
> I thought it was enough using oneuser and editing sunstone-auth. Does it
> require additional actions?
>
>
> Thanks,
>
> Carlos.
>
> On 04/09/2012 10:51 AM, Carlos Martín Sánchez wrote:
>> Hi,
>>
>> serveradmin is a special user that the servers, like sunstone, use to
>> forward user requests to the core. You can't login with that user.
>>
>> You have more information about the opennebula authentication here
>> [1], and what is the serveradmin account here [2]. In that second link
>> you will also find how to configure the servers to use the updated
>> serveradmin password you set.
>>
>> Regards
>>
>> [1] http://www.opennebula.org/documentation:rel3.2:external_auth
>> [2] http://www.opennebula.org/documentation:rel3.2:cloud_auth
>>
>> --
>> Carlos Martín, MSc
>> Project Engineer
>> OpenNebula - The Open-source Solution for Data Center Virtualization
>> www.OpenNebula.org | cmartin at opennebula.org | @OpenNebula
>>
>>
>>
>> 2012/4/8 Carlos Jiménez <cjimenez at eneotecnologia.com>
>>
>> Hello everybody,
>>
>> I have four computers with CentOS 6.2: 1 running as a NFS Server,
>> 2 as Host with KVM hypervisor installed and 1 as a Front-End with
>> OpenNebula 3.2.1 installed.
>> According to the documentation, ssh, oneadmin uid/gid, user
>> profile (shared between all the computers by using NFS)... all of
>> them have been set up.
>> Additionally, I've installed and configured the front-end server
>> to use MySQL instead of SQLite. After granting the right
>> permissions to the opennebula table for the oneadmin user and once
>> I've modified /etc/one/oned.conf DB options, this part is running
>> fine too.
>>
>> I've used oneuser to modify the password of serveradmin and it
>> seems that it was successful.
>> This is the output of 'oneuser list':
>>
>> ID GROUP    NAME        AUTH     PASSWORD
>>  0 oneadmin oneadmin    core     b29f6e6fed87fb100ae2e5921d66eb76d5670af7
>>  1 oneadmin serveradmin server_c a7d66b6799d29142042316cc8cee0f3c81eac33e
>>
>>
>> I've launched oned, oneacctd and sunstone-server as oneadmin and
>> all of them are running:
>>
>> oneadmin 11364 0.0 0.1 1460920 10476 ? Sl Apr04 0:20
>> /usr/bin/oned -f
>> oneadmin 11389 0.0 0.0 43764 7020 ? SNl Apr04 3:29
>> \_ ruby /usr/lib/one/mads/one_vmm_exec.rb -t 15 -r 0 kvm
>> oneadmin 11400 0.0 0.0 39304 3984 ? SNl Apr04 3:28
>> \_ ruby /usr/lib/one/mads/one_im_exec.rb -r 0 -t 15 kvm
>> oneadmin 11410 0.0 0.0 39248 3932 ? SNl Apr04 3:27
>> \_ ruby /usr/lib/one/mads/one_tm.rb tm_shared/tm_shared.conf
>> oneadmin 11424 0.0 0.0 39212 3864 ? SNl Apr04 3:28
>> \_ ruby /usr/lib/one/mads/one_hm.rb
>> oneadmin 11435 0.0 0.0 39308 3988 ? SNl Apr04 3:36
>> \_ ruby /usr/lib/one/mads/one_image.rb fs -t 15
>> oneadmin 11445 0.2 0.0 39388 4104 ? SNl Apr04 13:16
>> \_ ruby /usr/lib/one/mads/one_auth_mad.rb --authn
>> ssh,x509,ldap,server_cipher,server_x509
>> oneadmin 11365 0.0 0.0 192196 5424 ? Sl Apr04 0:19
>> /usr/bin/mm_sched
>> oneadmin 11461 0.0 0.4 113828 32700 ? S Apr04 0:13
>> ruby /usr/lib/one/ruby/acct/acctd.rb
>> oneadmin 11471 0.0 0.5 163548 43708 ? Sl Apr04 5:29
>> ruby /usr/lib/one/sunstone/sunstone-server.rb
>>
>>
>> However, when I try to log in to Sunstone web interface using
>> serveradmin or oneadmin credentials (or whatever else) it always
>> fails. In the web it states that "OpenNebula is not running".
>> I've checked oned.log and this is the output of both attempts:
>>
>>
>> ### serveradmin login attempt ###
>>
>> Sun Apr 8 15:02:05 2012 [ReM][D]: UserPoolInfo method invoked
>> Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG I 9
>> Command execution fail:
>> /var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin'
>> 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
>> gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
>> Sun Apr 8 15:02:05 2012 [AuM][I]: Command execution fail:
>> /var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin'
>> 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
>> gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
>> Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG E 9 bad
>> decrypt
>> Sun Apr 8 15:02:05 2012 [AuM][I]: bad decrypt
>> Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: LOG I 9
>> ExitCode: 255
>> Sun Apr 8 15:02:05 2012 [AuM][I]: ExitCode: 255
>> Sun Apr 8 15:02:05 2012 [AuM][D]: Message received: AUTHENTICATE
>> FAILURE 9 bad decrypt
>> Sun Apr 8 15:02:05 2012 [AuM][E]: Auth Error: bad decrypt
>> Sun Apr 8 15:02:05 2012 [ReM][E]: [UserPoolInfo] User couldn't be
>> authenticated, aborting call.
>>
>>
>> ### oneadmin login attempt ###
>>
>> Sun Apr 8 15:02:18 2012 [ReM][D]: UserPoolInfo method invoked
>> Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG I 10
>> Command execution fail:
>> /var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin'
>> 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
>> gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
>> Sun Apr 8 15:02:18 2012 [AuM][I]: Command execution fail:
>> /var/lib/one/remotes/auth/server_cipher/authenticate 'serveradmin'
>> 'a7d66b6799d29142042316cc8cee0f3c81eac33e'
>> gmxtq1n6pxBEwnyjP94dU1EihSzqOU3bQgVxVpIEizqsxonauO8PP/sNTclxWciE
>> Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG E 10 bad
>> decrypt
>> Sun Apr 8 15:02:18 2012 [AuM][I]: bad decrypt
>> Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: LOG I 10
>> ExitCode: 255
>> Sun Apr 8 15:02:18 2012 [AuM][I]: ExitCode: 255
>> Sun Apr 8 15:02:18 2012 [AuM][D]: Message received: AUTHENTICATE
>> FAILURE 10 bad decrypt
>> Sun Apr 8 15:02:18 2012 [AuM][E]: Auth Error: bad decrypt
>> Sun Apr 8 15:02:18 2012 [ReM][E]: [UserPoolInfo] User couldn't be
>> authenticated, aborting call.
>> Sun Apr 8 15:02:22 2012 [ReM][D]: HostPoolInfo method invoked
>> Sun Apr 8 15:02:22 2012 [ReM][D]: VirtualMachinePoolInfo method
>> invoked
>> Sun Apr 8 15:02:22 2012 [ReM][D]: AclInfo method invoked
>>
>> I think that cipher_server is the right auth option in this case.
>> Notice that authenticate script in both cases receive
>> 'serveradmin' credentials regardless of the use of oneadmin
>> credentials in the second attempt.
>>
>> Please, could anybody help me with this login failure issue?
>>
>> Let me know if you need anything else.
>>
>>
>> Thanks in advance.
>>
>> Carlos.
--
Hector Sanjuan
OpenNebula Developer
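
A consistency check for the fix suggested in this thread, added here as an example; it is not code from the thread or from OpenNebula. It assumes, based on Hector's reply, that the PASSWORD stored for serveradmin must be the SHA1 hex digest of the secret in sunstone_auth; the function names and sample inputs are constructed for illustration.

```ruby
require 'digest/sha1'

# Constructed sample inputs mirroring the second message in the thread:
# sunstone_auth holds "password" and the DB also holds plain "password".
SAMPLE_AUTH = "serveradmin:password\n"
SAMPLE_POOL = <<~XML
  <USER_POOL>
    <USER><ID>0</ID><GNAME>oneadmin</GNAME><NAME>oneadmin</NAME>
      <PASSWORD>b29f6e6fed87fb100ae2e5921d66eb76d5670af7</PASSWORD></USER>
    <USER><ID>1</ID><GNAME>oneadmin</GNAME><NAME>serveradmin</NAME>
      <PASSWORD>password</PASSWORD></USER>
  </USER_POOL>
XML

# PASSWORD stored for +name+ in `oneuser list -x` output, or nil if absent.
# Regex extraction is adequate for this fixed, machine-generated layout.
def stored_password(pool_xml, name)
  pool_xml.scan(%r{<USER>(.*?)</USER>}m).flatten.each do |body|
    next unless body[%r{<NAME>(.*?)</NAME>}, 1] == name
    return body[%r{<PASSWORD>(.*?)</PASSWORD>}, 1]
  end
  nil
end

# Assumed invariant (inferred from the thread, not taken from OpenNebula's
# source): DB PASSWORD == SHA1 hex digest of the secret in sunstone_auth.
def diagnose(auth_line, pool_xml)
  user, secret = auth_line.strip.split(':', 2)
  return :bad_auth_file if secret.nil? || secret.empty?

  stored = stored_password(pool_xml, user)
  return :user_missing if stored.nil?
  # A value that is not 40 hex digits was stored unhashed, as in the
  # <PASSWORD>password</PASSWORD> entry posted with "key length too short".
  return :stored_not_sha1 unless stored.match?(/\A\h{40}\z/)
  return :hash_mismatch unless stored.downcase == Digest::SHA1.hexdigest(secret)

  :ok
end

# The value `oneuser passwd 1 <secret> --sha1` is expected to store.
def expected_hash(auth_line)
  Digest::SHA1.hexdigest(auth_line.strip.split(':', 2)[1].to_s)
end

if __FILE__ == $PROGRAM_NAME
  puts "status:   #{diagnose(SAMPLE_AUTH, SAMPLE_POOL)}"
  puts "expected: #{expected_hash(SAMPLE_AUTH)}"
end
```

On a real front-end, pass the contents of sunstone_auth and the output of `oneuser list -x` in place of the samples.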