Hello Ruben,
thanks for the reply
You're right: configuring DEBUG_LEVEL to 0 stopped that behavior
(showing clear password on the logs)
a few more issues:
---------
1- one_auth_mad.rb didn't deal well with passwords (secret) with
special characters like "$" or "&". Surrounding the "secret" variable
with the (') character seems to fix that. The code line now looks like
this:
command << " '" << user.gsub("'", '\'"\'"\'') << "' '" <<
password.gsub("'", '\'"\'"\'') << "' '" << secret << "'"
don't know if there are other points in the code that could use this
change
---------
2- In case of a wrong (LDAP) password, Sunstone gives the following
error message:
"OpenNebula is not running or there was a server exception. Please
check the server logs."
This message is a bit confusing for LDAP users. I suggest another error
message like:
"Authentication failure: wrong username, password or OpenNebula is not
running or there was a server exception".
Of course a better error message would be: "Authentication failure:
(real reason)"
---------
3- I would like to set the DEBUG_LEVEL to 3 again but really don't
want passwords going to the logs. Is this possible? Where should I tune
the system? one_auth_mad.rb? The "run" shell command method, filtering
out the problematic cases? Where can I find the "run" method?
Cheers,
João
On Fri, 11 May 2012 00:05:34 +0200, Ruben S. Montero wrote:
Hi
You may try to change the "verbosity" of the DEBUG messages in
oned.conf. DEBUG_LEVEL=0 will only output ERROR messages (those
labeled with [E]). Once you have deployed and tuned the infrastructure
it may be a good idea to decrease the debug messages to ERROR/WARNING
level.
Cheers
Ruben
On Thu, May 10, 2012 at 8:50 PM, João Pagaime <[email protected]> wrote:
Hello all
could somebody show where to change open-nebula for it to stop showing
clear text passwords?
probably somewhere on the code...
it is showing clear text passwords for some cases of Sunstone LDAP auth
errors (as shown below)
--------------
Thu May 10 19:20:02 2012 [ReM][D]: UserInfo method invoked
Thu May 10 19:20:02 2012 [AuM][D]: Message received: LOG I 2 Command execution fail: /var/lib/one/remotes/auth/default/authenticate 'USER' '-' PASSWORD
Thu May 10 19:20:02 2012 [AuM][I]: Command execution fail: /var/lib/one/remotes/auth/default/authenticate 'USER' '-' PASSWORD
Thu May 10 19:20:02 2012 [AuM][D]: Message received: LOG I 2 User USER not found
Thu May 10 19:20:02 2012 [AuM][I]: User USER not found
Thu May 10 19:20:02 2012 [AuM][D]: Message received: LOG I 2 ExitCode: 255
Thu May 10 19:20:02 2012 [AuM][I]: ExitCode: 255
Thu May 10 19:20:02 2012 [AuM][D]: Message received: AUTHENTICATE FAILURE 2 -
Thu May 10 19:20:02 2012 [AuM][E]: Auth Error:
Thu May 10 19:20:02 2012 [ReM][E]: [UserInfo] User couldn't be authenticated, aborting call.
----------------------
maybe it would be a good idea to ship the production versions without
this behavior
cheers
João
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
--
João Pagaime
FCCN - Área de Infra-estruturas Aplicacionais
Av. do Brasil, n.º 101 - Lisboa
Telef. +351 218440100 Fax +351 218472167
www.fccn.pt
Confidentiality Notice/Disclaimer
This message is intended exclusively for its addressee. It may
contain CONFIDENTIAL information protected by law. If this message has
been received by error, please notify us via e-mail or by telephone
+351 218440100 and delete it immediately.
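
An added example, not part of the thread and not OpenNebula's code, relating to points 1 and 3 of the top message: it compares wrapping the secret in single quotes with escaping every argument via Ruby's Shellwords, and builds a separate log line with the secret masked. The helper names, the sample user and the sample secret are constructed; the secret is assumed to be the last argument, as in the code line quoted in the thread.

```ruby
require 'shellwords'

# Added example: helper names are hypothetical, not OpenNebula's code.
MASK = 'REDACTED'

# Quoting described in the thread for the secret: wrap in single quotes,
# with no escaping of quotes inside the value.
def wrap_in_quotes(arg)
  "'" + arg + "'"
end

# Command line for the shell: every argument is escaped, so "$", "&" and "'"
# reach the driver as literal characters.
def shell_line(driver, user, password, secret)
  Shellwords.join([driver, user, password, secret])
end

# Same command for the log file, with the secret (assumed to be the last
# argument) replaced by a fixed mask before anything is written.
def log_line(driver, user, password, _secret)
  Shellwords.join([driver, user, password, MASK])
end

# True when a Bourne-shell style parse of `line` yields exactly `expected`.
def parses_to?(line, expected)
  Shellwords.split(line) == expected
rescue ArgumentError # unbalanced quote in the command line
  false
end

# Driver path as it appears in the thread's log; user and secret are constructed.
DRIVER = '/var/lib/one/remotes/auth/default/authenticate'
SAMPLE = ['jdoe', '-', "p$ss&w'rd"]

if __FILE__ == $PROGRAM_NAME
  naive = "#{DRIVER} 'jdoe' '-' #{wrap_in_quotes(SAMPLE[2])}"
  puts "wrapped in quotes, parses back: #{parses_to?(naive, [DRIVER] + SAMPLE)}"
  safe = shell_line(DRIVER, *SAMPLE)
  puts "escaped, parses back:           #{parses_to?(safe, [DRIVER] + SAMPLE)}"
  puts "log line: #{log_line(DRIVER, *SAMPLE)}"
end
```

Logging the masked line instead of the executed one keeps the secret out of the log at any debug level, because the mask is applied before the string is built rather than filtered afterwards.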