[one-users] x509 Authentication CLI

Javier Fontan jfontan at opennebula.org
Wed May 21 03:19:31 PDT 2014


It's all the certificates from the user's one to the certificate
OpenNebula trusts. This way certificates not directly signed by the
root certificate can be used.

http://en.wikipedia.org/wiki/Chain_of_trust

On Tue, May 13, 2014 at 10:50 PM, María Noelia Gil
<marianoelia.gil at um.es> wrote:
> Thank you very much. One last question, what stores "cert_chain”?
>
> El 13/05/2014, a las 16:59, Javier Fontan <jfontan at opennebula.org> escribió:
>
>> It contains the username and the expiration time in epoch. From the
>> source code [1]:
>>
>> --8<------
>>    # Generates a login token in the form:
>>    # user_name:x509:user_name:time_expires:cert_chain
>>    #   - user_name:time_expires is encrypted with the user certificate
>>    #   - user_name:time_expires:cert_chain is base64 encoded
>> ------>8--
>>
>> [1] https://github.com/OpenNebula/one/blob/one-4.6/src/authm_mad/remotes/x509/x509_auth.rb#L95
>>
>> On Mon, May 12, 2014 at 11:20 AM, María Noelia Gil
>> <marianoelia.gil at um.es> wrote:
>>> Hello, I am testing the x509 authentication from CLI. The operation oneuser login ... generates an authentication token encrypted with the private key. What is the content of the token?
>>>
>>> On the other hand, I have seen that every user has on their template an attribute with name TOKEN_PASSWORD, what is its use?
>>>
>>> Thank you.
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>>
>>
>> --
>> Javier Fontán Muiños
>> Developer
>> OpenNebula - The Open Source Toolkit for Data Center Virtualization
>> www.OpenNebula.org | @OpenNebula | github.com/jfontan
>



-- 
Javier Fontán Muiños
Developer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | @OpenNebula | github.com/jfontan


More information about the Users mailing list