Here is the log output: Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG I 5 Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin [secret] ****
Mon Jul 28 16:37:48 2014 [AuM][I]: Command execution fail: /var/lib/one/remotes/auth/server_cipher/authenticate serveradmin [secret] **** Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG D 5 authenticate: Authenticating serveradmin, with password [secret] (4zj727qqns0xXEHWPBq4tJ2nRSyqom1KtWx5QBueF54I33c1y0fIuymmkn84TMP9) Mon Jul 28 16:37:48 2014 [AuM][I]: authenticate: Authenticating serveradmin, with password [secret] (4zj727qqns0xXEHWPBq4tJ2nRSyqom1KtWx5QBueF54I33c1y0fIuymmkn84TMP9) Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG E 5 bad decrypt Mon Jul 28 16:37:48 2014 [AuM][I]: bad decrypt Mon Jul 28 16:37:48 2014 [AuM][D]: Message received: LOG I 5 ExitCode: 255 Emmanuel Mathot www.terradue.com On 29 Jul 2014, at 11:06, Daniel Molina <[email protected]> wrote: > Hi Enguerran, > > What error message are you getting in oned.log after trying to connect? > > Cheers > > > On 28 July 2014 17:16, Enguerran Boissier <[email protected]> > wrote: > Hello Daniel, > Thanks for your answer, unfortunately we still don't manage to connect with a > server_* user on the behalf of another normal user. > This is basically what we do, let us know if we do something wrong: > > { > string expires = DateTime.Now.Subtract(new DateTime(1970,1,1,0,0,0, > DateTimeKind.Utc)).TotalSeconds + 3600 + ""; > string token_encrypted = Encrypt(this.AdminUsername + ":" + > this.TargetUsername + ":" + expires, this.AdminPassword); > //this.AdminUsername = server_* user name > //this.TargetUsername = normal user name (target user) > //this.AdminPassword = server_* user password (SHA1 encrypted) > //Encrypt do the equivalent of the AES 256 CBC openssl encryption (cf > https://gist.github.com/scottlowe/1411917, we just removed the salt part) > session_SHA = this.AdminUsername + ":" + this.TargetUsername + ":" + > token_encrypted; > //session_SHA is the token used to authenticate on a request > } > > Thanks > Best regards > > > > > Enguerran Boissier > www.terradue.com > > <t2uk.png> > > On 28 Jul 2014, at 10:45, Daniel Molina <[email protected]> wrote: > >> Hi Cesare, >> >> The server_* authentication is a special method where a user can >> authenticate on behalf of other user. This method was included in OpenNebula >> for scenarios such as an Apache server configured to use x509 certificates, >> Apache has already authenticated the user and we just encrypt a token with >> the serveradmin credentials and OpenNebula will decrypt the token and will >> perform all the actions as the target_username. >> >> Users using the server_* auth method are special users and should not have >> any resource. >> >> You can see an example on how Sunstone uses this method: >> A user logs in: >> https://github.com/OpenNebula/one/blob/master/src/sunstone/sunstone-server.rb#L169 >> do_auth is called to authenticate the user: >> https://github.com/OpenNebula/one/blob/master/src/cloud/common/CloudAuth/SunstoneCloudAuth.rb#L18 >> a token is generated using the server_* method >> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L85 >> this info is sent to one and then checked by the auth driver: >> https://github.com/OpenNebula/one/blob/master/src/authm_mad/remotes/server_cipher/server_cipher_auth.rb#L110 >> >> Hope this helps >> >> http://docs.opennebula.org/4.6/administration/sunstone_gui/cloud_auth.html >> >> >> >> >> On 25 July 2014 12:39, Cesare Rossi <[email protected]> wrote: >> Dear All, >> >> we are interacting with the XML-RPC API. We are trying to perform the >> special authentication method available with the users' drivers >> server_cipher or server_x509 (i.e. using username:target_username:secret), >> but it seems not working. >> >> The question is: is it possible to use with that API such kind of users ? If >> yes, how ? >> >> Thanks in advance, >> >> Cheers >> >> Cesare Rossi >> Terradue >> Rome, Italy | Oxford, UK >> http://www.terradue.com >> >> >> >> >> _______________________________________________ >> Dev mailing list >> [email protected] >> http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org >> >> >> >> >> -- >> -- >> Daniel Molina >> Project Engineer >> OpenNebula - Flexible Enterprise Cloud Made Simple >> www.OpenNebula.org | [email protected] | @OpenNebula > > > > > -- > -- > Daniel Molina > Project Engineer > OpenNebula - Flexible Enterprise Cloud Made Simple > www.OpenNebula.org | [email protected] | @OpenNebula
_______________________________________________ Dev mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/dev-opennebula.org
