[one-users] questions on sunstone and serveradmin with x509
Hyun Woo Kim
hyunwoo at fnal.gov
Wed Jul 18 14:57:49 PDT 2012
Dear ONe developers,
(We are using OpenNebula 3.2)
We are using SunStone GUI with my x509 certificate imported in my browser(firefox or chrome)
which means etc/sunstone-server.conf is configured in the following way,
:auth: x509
:core_auth: x509
We also configured so that serveramin uses server_x509.
The manual says that
for serveradmin who uses server_x509 driver,
a special-format token will be created which contains
serveradmin:target_username:secret.
I have two questions:
1. I would like to know where this token can be found.
I guess if I explicitly do "oneuser login serveradmin ",
it will be created somewhere such as /var/lib/one/.one,
but in my situation, I do not do it but only use SunStone GUI..
2. When I enable the following line in remotes/auth/server_x509/authenticate,
OpenNebula.log_debug("Authenticating #{user}, with password #{pass} (#{secret})")
oned.log shows the secret part.
When I perform base64 twice on the secret and then rsa-decode,
I see serveradmin:serveradmin:1342645861,
not serveradmin:target_user:1342645861,
I think this can be expected as server_x509_auth.rb shows,
def login_token(expire, target_user=nil)
target_user ||= @options[:srv_user]
token_txt = "#{@options[:srv_user]}:#{target_user}:#{expire}"
How can I enable SunStone to pass target_user (who uses SS with a certificate) to login_token?
Thanks,
Hyunwoo
FermiCloud Project
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1959 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120718/042c1a8f/attachment.bin>
More information about the Users
mailing list