[one-users] RPC API and PHP (auth pb)

Carlos Martín Sánchez cmartin at opennebula.org
Mon Mar 25 03:29:36 PDT 2013


Hi,

The serveradmin user allows more secure communications, and advanced
authentication scenarios, like browser certificates [1]. But if you are
building a simple user interface, you might want to keep things simple and
use the 'username:password' session token for your xmlrpc requests.

Regards

[1] http://opennebula.org/documentation:rel3.8:sunstone#x509_auth
--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmartin at opennebula.org |
@OpenNebula <http://twitter.com/opennebula>


On Fri, Mar 22, 2013 at 5:46 PM, Nicolas Bélan <nicolas.belan at gmail.com> wrote:

> Hello,
>
> Well, I would like to display to users their VMs, networks, images and so
> on, according to the role and access of each user.
> So I am trying to use OpenNebula RBAC and RPC as much as possible to
> retrieve only the right information.
> The step after is to deploy VMs as the user, not as oneadmin or serveradmin,
> but directly as "user".
>
> The service I am building is a very simplified user interface. The step
> after for the user is to have access to self service, but to begin, I would
> like to hide some concepts to make cloud access easier.
>
> best regards,
> nicolas
> On 22 March 2013 at 17:25, Tino Vazquez <tinova at opennebula.org> wrote:
>
> > Hi Nicolas,
> >
> > serveradmin is used by Sunstone and related interface services. Did
> > you try it out with other users (ie, oneadmin)?
> >
> > Depending on what type of service you are building, you may be
> > interested indeed in serveradmin. Could you elaborate a bit more on
> > that?
> >
> > Regards
> > --
> > Constantino Vázquez Blanco, PhD, MSc
> > Project Engineer
> > OpenNebula - The Open-Source Solution for Data Center Virtualization
> > www.OpenNebula.org | @tinova79 | @OpenNebula
> >
> >
> > On Fri, Mar 22, 2013 at 4:16 PM, Nicolas Bélan <nicolas.belan at gmail.com> wrote:
> >> Hello the list,
> >>
> >> I am trying (unsuccessfully) to call RPC methods.
> >>
> >> The problem is that I can not make my user authenticated by code (while
> >> it is ok with http://localhost:4567/ui)
> >> I am using version 3.8.3.
> >>
> >> I am trying to use serveradmin:<user>:<password> but it does not work
> >> as written in the documentation.
> >> Deeply investigating, I found, in
> >> /usr/lib/one/ruby/server_cipher_auth.rb that the third part is a token,
> >> but I am not Ruby compliant....
> >> It seems, if I understand, that:
> >> a string is built with: "serveradmin:username:time()+expire"
> >> the serveradmin password is used to create a key.
> >> This key is then used to cipher (salted ?) the previous string.
> >> The result is then appended like that:
> >> "serveradmin:username:cipher(key,serveradmin:username:time()+expire)"
> >> and sent as the first parameter of the rpc call.
> >> Am I completely wrong?
> >> For example:
> >>
> >> serveradmin:user_example:PWyaJz96iwdYldYoPHXWZYkBMbuvKIEXiTVb0WuAHURYuQ2Dzmhnzjm0JDNCMchB
> >>
> >> Using perl, I failed to authenticate user ....
> >> using tcpdump, it seems that the third part is quite constant during a
> >> certain lapse of time ...
> >> So, I may be wrong with my time() expire part ....
> >> Can you help me writing this part of code ? Perl or PHP are welcome ;)
> >>
> >> Thank you for your help
> >>
> >> Best regards,
> >> Nicolas.
> >>
> >> _______________________________________________
> >> Users mailing list
> >> Users at lists.opennebula.org
> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >>
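The plain 'username:password' session token from the reply at the top of this thread, as an added example (not code from the thread or from the OpenNebula project): it builds the XML-RPC body with the session string as the first parameter and unpacks the reply array. Assumptions: the `one.vmpool.info` method and its filter arguments, the helper names (hypothetical), the loopback-only rule for plain HTTP, and the sample replies, which are constructed.

```python
import xmlrpc.client
from urllib.parse import urlsplit

def check_endpoint(url):
    """The password travels inside every request body, so allow plain HTTP
    only to the local machine (an added precaution, not from the thread)."""
    parts = urlsplit(url)
    local = parts.hostname in ("localhost", "127.0.0.1", "::1")
    if parts.scheme != "https" and not (parts.scheme == "http" and local):
        raise ValueError("refusing to send credentials in clear text to " + url)
    return url

def session_token(username, password):
    """The plain 'username:password' session string."""
    if not username or ":" in username:
        raise ValueError("username must be non-empty and contain no ':'")
    return username + ":" + password

def build_request(username, password, filter_flag=-3):
    """XML body for one.vmpool.info; the session string is parameter one.
    -3 = VMs owned by the caller, -1/-1 = whole ID range, -1 = any state but DONE."""
    params = (session_token(username, password), filter_flag, -1, -1, -1)
    return xmlrpc.client.dumps(params, methodname="one.vmpool.info")

def parse_reply(xml_reply):
    """Replies are an array: [success flag, body or error text, ...]."""
    (reply,), _ = xmlrpc.client.loads(xml_reply)
    if not reply[0]:
        raise PermissionError(reply[1])
    return reply[1]

def list_my_vms(endpoint, username, password):
    """Live call; needs a reachable oned, so it is not exercised here."""
    proxy = xmlrpc.client.ServerProxy(check_endpoint(endpoint))
    reply = proxy.one.vmpool.info(session_token(username, password), -3, -1, -1, -1)
    if not reply[0]:
        raise PermissionError(reply[1])
    return reply[1]

# Constructed sample replies (not captured from a real server).
OK_REPLY = xmlrpc.client.dumps(([True, "<VM_POOL/>", 0],), methodresponse=True)
DENIED_REPLY = xmlrpc.client.dumps(
    ([False, "constructed: user not authenticated", 256],), methodresponse=True)
```

Because the caller's own credentials form the session string, the server's access rules decide what comes back, which is the per-user view asked for earlier in the thread.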