Hi

It seems that your debug efforts are in the right direction. Would you mind double-checking a couple of things? Using an irb session:

1.- Define a variable with the encrypted string of /home/new_user/.one/one_x509, that is, the part after the ':'

    a="1Af34.."

2.- This is a base64 encoding of the encrypted token. Try to decode it

    require 'base64'
    Base64::decode64(a)

3.- This is the actual token in the form <base64_encrypted_text>:cert_chain. Cert chain is the x509 cert of the user plus any other needed to check that one. At this step can you check that the certificates are as expected (i.e. match with the x509 of the user)

(The secret is base64 encoded, so you need to decode it first if you want to try to decrypt it with openssl for example.)

Cheers

Ruben

On Thu, Sep 6, 2012 at 8:14 PM, Uli <[email protected]> wrote:
> Hi
>
> I am having a problem with setting up x509 authentication for the cli.
> The symptoms are as follows: If I run the following command as the new x509
> authenticated user:
>
> onetemplate list
>
> I get:
>
> [TemplatePoolInfo] User couldn't be authenticated, aborting call.
>
> I tried to debug this with rdebug by running something like:
>
> ruby -rdebug /var/lib/one/remotes/auth/x509/authenticate <new_user> <user_dn> <user_secret>
>
> where <new_user> is the newly x509 authenticated user
> <user_dn> is the password taken from onehost show <new_user>
> <user_secret> is the string in file /home/new_user/.one/one_x509 containing
> <new_user>:encrypted string
>
> /usr/lib/one/ruby/x509_auth.rb:183: `data greater than mod len' (OpenSSL::PKey::RSAError)
> from /usr/lib/one/ruby/x509_auth.rb:183:in `decrypt'
> from /usr/lib/one/ruby/x509_auth.rb:116:in `authenticate'
> from authenticate:50
> /usr/lib/one/ruby/x509_auth.rb:183:
> @cert_chain[0].public_key.public_decrypt(Base64::decode64(data)
>
> From similar errors mentioned on the internet it seems this has something to
> do with a truncation that may have occurred in the database
>
> the certificate certs = "MII..==" contains 2532 characters and the
> token = "..=" contains 690 characters
>
> Many thanks
> Uli
>
> _______________________________________________
> Users mailing list
> [email protected]
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org

--
Ruben S. Montero, PhD
Project co-Lead and Chief Architect
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | [email protected] | @OpenNebula
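
Added example (not part of the original thread and not OpenNebula's code): the checks listed in the reply, as one Ruby script that decodes a token, compares the first certificate with the user's, and compares the secret's length with the RSA modulus before calling public_decrypt. The chain encoding (':'-separated PEM or base64 DER), the helper names, and the sample keys, certificate and payload are assumptions constructed for the demonstration.

```ruby
require 'base64'
require 'openssl'

# Decode a token of the form <base64_encrypted_text>:cert_chain and compare the
# encrypted secret with the first certificate in the chain.
# Assumption: chain entries are ':'-separated, each PEM or base64-encoded DER.
def inspect_token(encoded, expected_cert)
  secret64, chain = Base64.decode64(encoded).split(':', 2)
  first = chain.to_s.split(':').first.to_s
  cert = OpenSSL::X509::Certificate.new(
    first.include?('BEGIN') ? first : Base64.decode64(first)
  )
  secret = Base64.decode64(secret64.to_s)
  mod_len = cert.public_key.n.num_bytes
  report = { subject: cert.subject.to_s,
             cert_matches: cert.to_der == expected_cert.to_der,
             secret_bytes: secret.bytesize, modulus_bytes: mod_len }
  # public_decrypt fails with "data greater than mod len" when the input is
  # longer than the RSA modulus, so only attempt it when the lengths allow.
  report[:plaintext] = cert.public_key.public_decrypt(secret) if secret.bytesize <= mod_len
  report
rescue OpenSSL::OpenSSLError => e
  (report || {}).merge(error: e.message)
end

# --- Constructed sample data below: throwaway keys, self-signed certificate ---
def self_signed(key, cn)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.public_key = key
  cert.not_before = Time.now
  cert.not_after = Time.now + 3600
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

def build_token(signing_key, cert, text)
  secret64 = Base64.strict_encode64(signing_key.private_encrypt(text))
  Base64.strict_encode64("#{secret64}:#{Base64.strict_encode64(cert.to_der)}")
end

SAMPLE_TEXT = 'new_user:constructed-payload' # placeholder, not the real token body
USER_KEY = OpenSSL::PKey::RSA.new(2048)
USER_CERT = self_signed(USER_KEY, 'new_user')
GOOD = inspect_token(build_token(USER_KEY, USER_CERT, SAMPLE_TEXT), USER_CERT)
# Secret produced with a larger key than the one in the certificate chain.
BAD = inspect_token(build_token(OpenSSL::PKey::RSA.new(3072), USER_CERT, SAMPLE_TEXT), USER_CERT)
puts GOOD.inspect, BAD.inspect
```

When secret_bytes exceeds modulus_bytes, the secret and the first certificate in the chain do not belong together, or one of them was altered in storage or transit.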
