[one-users] RPC API and PHP (auth pb)

Nicolas Bélan nicolas.belan at gmail.com
Fri Mar 22 09:46:53 PDT 2013


Hello,

well, i would like to display to user their vm, networks, images and so on, according to the role and access of each user. 
so i am trying to use as much as possible openNebula rbac and rpc to retrieve only right informations. 
the step after is to deploy vm as user, not as oneadmin or serveradmin, but directly as "user" 

the service i am building is a very simplified user interface. the step after for the user is to have access to self service, but to begin, i would like to hide some concepts to make easier cloud access. 

best regards,
nicolas
Le 22 mars 2013 à 17:25, Tino Vazquez <tinova at opennebula.org> a écrit :

> Hi Nicolas,
> 
> serveradmin is used by Sunstone and related interface services. Did
> you try it out with other users (ie, oneadmin)?
> 
> Depending on what type of service you are building, you may be
> interested indeed in serveradmin. Could you elaborate a bit more on
> that?
> 
> Regards
> --
> Constantino Vázquez Blanco, PhD, MSc
> Project Engineer
> OpenNebula - The Open-Source Solution for Data Center Virtualization
> www.OpenNebula.org | @tinova79 | @OpenNebula
> 
> 
> On Fri, Mar 22, 2013 at 4:16 PM, Nicolas Bélan <nicolas.belan at gmail.com> wrote:
>> Hello the list,
>> 
>> I am trying (unsuccessfully) to call RPM methods.
>> 
>> The problem is that I can not make my user authenticated by code (while
>> it is ok with http://localhost:4567/ui)
>> I am using version 3.8.3.
>> 
>> I am trying to user serveradmin:<user>:<password> with it does not work
>> as written in the documentation.
>> Deeply investigating, I found, in
>> /usr/lib/one/ruby/server_cipher_auth.rb that the third part is a token,
>> but i am not ruby compliant....
>> It seems, If i understand, that:
>> a string is built with: "serveradmin:username:time()+expire"
>> the serveradmin password is used to create a key.
>> This key is then used to cipher (salted ?) the previous string.
>> The result is then appended like that:
>> "serveradmin:username:cipher(key,serveradmin:username:time()+expire)"
>> and sent as the first parameter of the rpc call.
>> Am i completely wrong ?
>> For example:
>> serveradmin:user_example:PWyaJz96iwdYldYoPHXWZYkBMbuvKIEXiTVb0WuAHURYuQ2Dzmhnzjm0JDNCMchB
>> 
>> Using perl, I failed to authenticate user ....
>> using tcpdump, it seems that the third part is quite constant during a
>> certain laps of time ...
>> So, I may be wrong with my time() expire part ....
>> Can you help me writing this part of code ? Perl or PHP are welcome ;)
>> 
>> Thank you for you help
>> 
>> Best regards,
>> Nicolas.
>> 
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> 



More information about the Users mailing list