[one-users] questions on sunstone and serveradmin with x509

Hyun Woo Kim hyunwoo at fnal.gov
Wed Jul 18 14:57:49 PDT 2012


Dear ONe developers,

(We are using OpenNebula 3.2)

We are using SunStone GUI with my x509 certificate imported in my browser(firefox or chrome)
which means etc/sunstone-server.conf  is configured in the following way,
   :auth: x509
   :core_auth: x509

We also configured so that serveramin uses server_x509.

The manual says that 
for serveradmin who uses server_x509 driver, 
a special-format token will be created which contains
serveradmin:target_username:secret.

I have two questions:
1. I would like to know where this token can be found.
    I guess if I explicitly do "oneuser login serveradmin   ",
    it will be created somewhere such as /var/lib/one/.one,
   but in my situation, I do not do it but only use SunStone GUI..

2. When I enable the following line in remotes/auth/server_x509/authenticate,
OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")
    oned.log shows the secret part.
  When I perform base64 twice on the secret and then rsa-decode, 
  I see serveradmin:serveradmin:1342645861,
 not     serveradmin:target_user:1342645861,
I think this can be expected as server_x509_auth.rb shows,
  def login_token(expire, target_user=nil)
        target_user ||= @options[:srv_user]
        token_txt   =   "#{@options[:srv_user]}:#{target_user}:#{expire}"
   How can I enable SunStone to pass target_user (who uses SS with a certificate) to login_token?

Thanks,
Hyunwoo
FermiCloud Project




-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1959 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120718/042c1a8f/attachment.bin>


More information about the Users mailing list