Dear ONe developers, (We are using OpenNebula 3.2)
We are using SunStone GUI with my x509 certificate imported in my
browser(firefox or chrome)
which means etc/sunstone-server.conf is configured in the following way,
:auth: x509
:core_auth: x509
We also configured so that serveramin uses server_x509.
The manual says that
for serveradmin who uses server_x509 driver,
a special-format token will be created which contains
serveradmin:target_username:secret.
I have two questions:
1. I would like to know where this token can be found.
I guess if I explicitly do "oneuser login serveradmin ",
it will be created somewhere such as /var/lib/one/.one,
but in my situation, I do not do it but only use SunStone GUI..
2. When I enable the following line in remotes/auth/server_x509/authenticate,
OpenNebula.log_debug("Authenticating #{user}, with password #{pass}
(#{secret})")
oned.log shows the secret part.
When I perform base64 twice on the secret and then rsa-decode,
I see serveradmin:serveradmin:1342645861,
not serveradmin:target_user:1342645861,
I think this can be expected as server_x509_auth.rb shows,
def login_token(expire, target_user=nil)
target_user ||= @options[:srv_user]
token_txt = "#{@options[:srv_user]}:#{target_user}:#{expire}"
How can I enable SunStone to pass target_user (who uses SS with a
certificate) to login_token?
Thanks,
Hyunwoo
FermiCloud Project
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
