[one-users] Problem with x509 authentication for cli

Uli ulihorn at gmail.com
Thu Sep 6 11:14:03 PDT 2012


Hi

I am having a problem with setting up x509 authentication for the cli .
The symptoms are as follows:  If I run the following command as the new
x509 authenticated user:

onetemplate list

I get:

[TemplatePoolInfo] User couldn't be authenticated, aborting call.

I tried to debug this with rdebug by running something like:

ruby -rdebug /var/lib/one/remotes/auth/x509/authenticate <new_user>
<user_dn> <user_secret>

where <new_user> is the newly x509 authenticated user
<user_dn> is then password taken from onehost show <new_user>
<user_secret> is the string in file /home/new_user/.one/one_x509 containing
<new_user>:encrypted string

/usr/lib/one/ruby/x509_auth.rb:183: `data greater than mod len'
(OpenSSL::PKey::RSAError)
from /usr/lib/one/ruby/x509_auth.rb:183:in `decrypt'
from /usr/lib/one/ruby/x509_auth.rb:116:in `authenticate'
from authenticate:50
/usr/lib/one/ruby/x509_auth.rb:183:
 @cert_chain[0].public_key.public_decrypt(Base64::decode64(data)

>From similar errors mentioned on the internet it seems this has something
to do with a truncation that may have occurred in the database

the certificate certs = "MII..==" contains 2532 characters and the
                        token = "..=" contains 690 characters

Many thanks
Uli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120906/1cb34504/attachment.htm>


More information about the Users mailing list