Hi, On Mon, Mar 25, 2013 at 2:48 PM, Nicolas Bélan <[email protected]>wrote:
> Hello, > > the problem is that password is in a LDAP tree, and I do not get clear > user password from the user (got it in SHA1) through web connection. > > I only map ldap[uidnumber] to get various other informations (DNS owner, > SMTP accounting, Support requests and so on). > I would like to keep avoiding getting clear text password to access > OpenNebula Interface. > If it is not possible, I may get access directly to SQL Database, but this > not what I would like to do first ... > In that case serveradmin is the right approach. I see in your first email that you already found login_token in server_cipher_auth.rb. Maybe you were not using the same encryption algorithm, aes-256-cbc? Regards PS: Please reply to the list, more people may find it useful... -- Carlos Martín, MSc Project Engineer OpenNebula - The Open-source Solution for Data Center Virtualization www.OpenNebula.org <http://www.opennebula.org/> | [email protected] | @OpenNebula <http://twitter.com/opennebula> > Regards, > nicolas. > > Le 25/03/2013 11:29, Carlos Martín Sánchez a écrit : > > Hi, > > The serveradmin users allows more secure communications, and advanced > authentication scenarios, like browser certificates [1]. But if you are > building a simple user interface, you might want to keep things simple and > use the 'username:password' session token for your xmlrpc requests. > > Regards > > [1] http://opennebula.org/documentation:rel3.8:sunstone#x509_auth > -- > Carlos Martín, MSc > Project Engineer > OpenNebula - The Open-source Solution for Data Center Virtualization > www.OpenNebula.org | [email protected] | > @OpenNebula<http://twitter.com/opennebula> > > > On Fri, Mar 22, 2013 at 5:46 PM, Nicolas Bélan <[email protected]>wrote: > >> Hello, >> >> well, i would like to display to user their vm, networks, images and so >> on, according to the role and access of each user. >> so i am trying to use as much as possible openNebula rbac and rpc to >> retrieve only right informations. >> the step after is to deploy vm as user, not as oneadmin or serveradmin, >> but directly as "user" >> >> the service i am building is a very simplified user interface. the step >> after for the user is to have access to self service, but to begin, i would >> like to hide some concepts to make easier cloud access. >> >> best regards, >> nicolas >> Le 22 mars 2013 à 17:25, Tino Vazquez <[email protected]> a écrit : >> >> > Hi Nicolas, >> > >> > serveradmin is used by Sunstone and related interface services. Did >> > you try it out with other users (ie, oneadmin)? >> > >> > Depending on what type of service you are building, you may be >> > interested indeed in serveradmin. Could you elaborate a bit more on >> > that? >> > >> > Regards >> > -- >> > Constantino Vázquez Blanco, PhD, MSc >> > Project Engineer >> > OpenNebula - The Open-Source Solution for Data Center Virtualization >> > www.OpenNebula.org | @tinova79 | @OpenNebula >> > >> > >> > On Fri, Mar 22, 2013 at 4:16 PM, Nicolas Bélan <[email protected]> >> wrote: >> >> Hello the list, >> >> >> >> I am trying (unsuccessfully) to call RPM methods. >> >> >> >> The problem is that I can not make my user authenticated by code (while >> >> it is ok with http://localhost:4567/ui) >> >> I am using version 3.8.3. >> >> >> >> I am trying to user serveradmin:<user>:<password> with it does not work >> >> as written in the documentation. >> >> Deeply investigating, I found, in >> >> /usr/lib/one/ruby/server_cipher_auth.rb that the third part is a token, >> >> but i am not ruby compliant.... >> >> It seems, If i understand, that: >> >> a string is built with: "serveradmin:username:time()+expire" >> >> the serveradmin password is used to create a key. >> >> This key is then used to cipher (salted ?) the previous string. >> >> The result is then appended like that: >> >> "serveradmin:username:cipher(key,serveradmin:username:time()+expire)" >> >> and sent as the first parameter of the rpc call. >> >> Am i completely wrong ? >> >> For example: >> >> >> serveradmin:user_example:PWyaJz96iwdYldYoPHXWZYkBMbuvKIEXiTVb0WuAHURYuQ2Dzmhnzjm0JDNCMchB >> >> >> >> Using perl, I failed to authenticate user .... >> >> using tcpdump, it seems that the third part is quite constant during a >> >> certain laps of time ... >> >> So, I may be wrong with my time() expire part .... >> >> Can you help me writing this part of code ? Perl or PHP are welcome ;) >> >> >> >> Thank you for you help >> >> >> >> Best regards, >> >> Nicolas. >> >> >> >> >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> >> Users mailing list >> >> [email protected] >> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> >> >> _______________________________________________ >> Users mailing list >> [email protected] >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> > > >
_______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
