[one-users] econe auth not working (4.0 and 3.8.3) ?

Daniel Molina dmolina at opennebula.org
Tue Apr 2 02:24:01 PDT 2013


Hi Ricardo,


On 2 April 2013 01:25, Ricardo Duarte <rjtd21 at hotmail.com> wrote:

> Hi,
>
> I will answer my own question, because I find the solution.
> The problem was that I was using the fqdn instead of the IP address, for
> the EC2_URL.
> I had a look at the EC2CloudAuth.rb, and what was happening was the
> following:
>
> - The signature_v1 function requires the host to be stripped from the
> params.
> - The current implementation only deletes the host name that matches the
> :host: parameter from econe.conf (params.delete('econe_host'). )
> - So, signature_v1 would consider the host for the calculation when I was
> using the fqdn != :host:
>
> I had the IP as the :host: parameter. As soon as I changed it to the fqdn,
> I could use http://fqdn:<econe port> as the ec2 endpoint.
> But then, http://<ip>:<econe port> stops working.
>

The host and port are used to generate the signature (v2), so they have to
be the same in both server and client sides, otherwise the signature will
be different and the authentication will fail. In the server side, these
values are retrieved from the configuration, included in the params hash
(econe-server.rb) and passed to the do_auth method (EC2CloudAuth.rb).

In the signature_v1 case the host and port are not needed to generate the
signature, hence they are deleted from the params before generating the
signature in the server (signature_v1() EC2CloudAuth.rb).

Cheers.



>
> Regards,
> Ricardo
>
> ------------------------------
> From: rjtd21 at hotmail.com
> To: users at lists.opennebula.org
> Date: Mon, 1 Apr 2013 22:48:25 +0000
> Subject: [one-users] econe auth not working (4.0 and 3.8.3) ?
>
>
> Hi there,
>
> On both 3.8.3 and 4.0 I'm getting the following error when trying to use
> the EC2 API:
>
> - AuthFailure: The username or password is not correct
>
> I'm using ACCESS_KEY = username, and EC2_SECRET_KEY= <sha1 password, shown
> with oneuser show <id> .
> I'm pointing EC2_URL to http://<one controller>:<econe port>.
> My ec2_auth has the correct serveradmin credential.
> My users are using Core as the auth driver, and were created with Sunstone.
> Oned.log shows "Message received: AUTHENTICATE SUCCESS 1731 -".
>
> Any idea of what can be the problem?
>
> Thanks,
> Ricardo
>
> _______________________________________________ Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>
>


-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20130402/575db1af/attachment-0002.htm>


More information about the Users mailing list