<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<tt>I should also mention that this is an OpenNebula 3.1
installation (via the rpm) on Scientific Linux 6.1. I have the
DEBUG setting set to 3, which according to the comments in
oned.conf should be the most verbose. <br>
<br>
In trying to debug, I used the authenticate script in
/var/lib/one/remotes/auth/x509 which imports and uses
/usr/lib/one/ruby/x509_auth.rb. If I take the token that is
decrypted from the file /var/lib/one/.one/one_x509 I can perform
openssl operations on it and verify it. If I run the values
through the authenticate script, I find that there is a problem
parsing the CA chain. When it calculates the hash value for the
CA, it is dropping a leading 0 which makes the file path invalid.
Could this be the problem?<br>
<br>
Thanks,<br>
</tt>
<pre class="moz-signature" cols="72">Anthony Tiradani
<a class="moz-txt-link-abbreviated" href="mailto:tiradani@fnal.gov">tiradani@fnal.gov</a>
+1 630 840 4479</pre>
<br>
On 12/15/11 5:07 PM, Anthony Tiradani wrote:
<blockquote cite="mid:4EEA7D97.7070400@fnal.gov" type="cite">
<pre wrap="">This is the only message I get in oned.log:

Thu Dec 15 17:05:47 2011 [ReM][E]: [HostPoolInfo] User couldn't be authenticated, aborting call.

I am running onehost list when I see that error.

Anthony Tiradani
<a class="moz-txt-link-abbreviated" href="mailto:tiradani@fnal.gov">tiradani@fnal.gov</a>
+1 630 840 4479

On 12/15/2011 03:40 PM, Ruben S. Montero wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,

Could you send the messages in oned.log file? You should see there
messages from the driver describing the error...

Cheers

Ruben

On Thu, Dec 15, 2011 at 5:31 PM, Anthony Tiradani <a class="moz-txt-link-rfc2396E" href="mailto:tiradani@fnal.gov">&lt;tiradani@fnal.gov&gt;</a> wrote:
</pre>
<blockquote type="cite">
<pre wrap="">Hi,

I am trying to set up OpenNebula with x509 authentication. I am using
sqlite as the DB back end for now. I am following the documentation
here: <a class="moz-txt-link-freetext" href="http://opennebula.org/documentation:rel3.0:x509_auth">http://opennebula.org/documentation:rel3.0:x509_auth</a>

I've configured everything correctly as far as I can tell. I can
successfully use x509 to login, but after 24 hours (no matter what I set
the expire time to with the --time argument) I get error messages saying
that the user couldn't be authenticated.

I've tried re-running the "oneuser login ..." command to no avail. The
only thing that works is if I delete one.db and restart OpenNebula.
Then I can log in just fine, but all the configuration that I have done
is lost. What do I have to do to fix this?

Thanks,
--
Anthony Tiradani
<a class="moz-txt-link-abbreviated" href="mailto:tiradani@fnal.gov">tiradani@fnal.gov</a>
+1 630 840 4479

_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a>
</pre>
</blockquote>
</blockquote>
</blockquote>
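<p>The leading-zero problem described in the top message, as an added example that is not part of the original thread and not OpenNebula's own code: it assumes the CA file is looked up by OpenSSL's hashed-directory name and that the hash is rendered with Integer#to_s(16), which does not zero-pad. The function names and the CA subject are constructed for illustration.</p>

```ruby
require 'openssl'
require 'tmpdir'
require 'fileutils'

# A hashed CA directory names each CA file with eight lowercase hex digits of
# the subject-name hash, a dot, and a sequence number (for example 0a1b2c3d.0).

# Failure mode (assumed, hypothetical helper): Integer#to_s(16) does not
# zero-pad, so a hash that starts with 0 yields a shorter file name.
def ca_file_name_unpadded(name)
  "#{name.hash.to_s(16)}.0"
end

# Corrected form (hypothetical helper): always eight hex digits.
def ca_file_name_padded(name)
  format('%08x.0', name.hash)
end

# Constructed sample input: try made-up CA subjects until one has a hash
# whose first hex digit is 0 (about one name in sixteen does).
def name_with_leading_zero_hash
  (0..10_000).each do |i|
    name = OpenSSL::X509::Name.parse("/O=Example Org/CN=Constructed CA #{i}")
    return name if format('%08x', name.hash).start_with?('0')
  end
  raise 'no constructed name with a leading-zero hash found'
end

# Create the CA file under its correct hashed name in a temporary directory,
# then check which of the two computed names actually resolves to it.
def demo
  name = name_with_leading_zero_hash
  Dir.mktmpdir do |dir|
    FileUtils.touch(File.join(dir, ca_file_name_padded(name)))
    {
      padded: File.file?(File.join(dir, ca_file_name_padded(name))),
      unpadded: File.file?(File.join(dir, ca_file_name_unpadded(name)))
    }
  end
end

if __FILE__ == $PROGRAM_NAME
  name = name_with_leading_zero_hash
  puts "subject:  #{name}"
  puts "padded:   #{ca_file_name_padded(name)}"
  puts "unpadded: #{ca_file_name_unpadded(name)}"
  p demo
end
```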
</body>
</html>