[one-users] Problem with x509 authentication for cli
Uli
ulihorn at gmail.com
Thu Sep 6 11:14:03 PDT 2012
Hi
I am having a problem with setting up x509 authentication for the cli .
The symptoms are as follows: If I run the following command as the new
x509 authenticated user:
onetemplate list
I get:
[TemplatePoolInfo] User couldn't be authenticated, aborting call.
I tried to debug this with rdebug by running something like:
ruby -rdebug /var/lib/one/remotes/auth/x509/authenticate <new_user>
<user_dn> <user_secret>
where <new_user> is the newly x509 authenticated user
<user_dn> is then password taken from onehost show <new_user>
<user_secret> is the string in file /home/new_user/.one/one_x509 containing
<new_user>:encrypted string
/usr/lib/one/ruby/x509_auth.rb:183: `data greater than mod len'
(OpenSSL::PKey::RSAError)
from /usr/lib/one/ruby/x509_auth.rb:183:in `decrypt'
from /usr/lib/one/ruby/x509_auth.rb:116:in `authenticate'
from authenticate:50
/usr/lib/one/ruby/x509_auth.rb:183:
@cert_chain[0].public_key.public_decrypt(Base64::decode64(data)
>From similar errors mentioned on the internet it seems this has something
to do with a truncation that may have occurred in the database
the certificate certs = "MII..==" contains 2532 characters and the
token = "..=" contains 690 characters
Many thanks
Uli
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120906/1cb34504/attachment.htm>
More information about the Users
mailing list