Hi Ricardo,
On 27 June 2013 11:11, Ricardo Duarte <[email protected]> wrote: > Hi there, > > Can someone explain to me how can I generate the "secret" to use with > serveradmin impersonation? > > username:target_username:secret > > Docs say "The core daemon understands a request with this authentication > session token as “perform this operation on behalf of target_user”. The > “secret” part of the token is signed with one of the two mechanisms > explained below. ", but there is nothing below this statement > > http://opennebula.org/documentation:archives:rel3.8:cloud_auth > > Indeed, the documentation is missing that information. Basically, the mechanism is as follows: When creating a new client, you have to provide a token (CloudAuth.rb) Client.new(token, XMLRPC_ENDPOINT) The content of this token is: "#{@srv_user}:#{target_user}:#{token64}" and is generated using the login_token method in server_cipher_auth.rb and the token64 is generated as follows * token64 content: "#{@srv_user}:#{target_user}:#{expire}" - "expire" is the token expiration time generated in CloudAuth.rb: @token_expiration_time = time_now + EXPIRE_DELTA * This token is encrypted using aes-256-cbc * After that, the encrypted token is encoded using base64 If you use server_x509 instead, the token64 is generated in the same way but encrypted using x509 certificates (server_x509_auth.rb) Hope this helps, if you need further information please do not hesitate to ask me anything Cheers -- Join us at OpenNebulaConf2013 <http://opennebulaconf.com/> in Berlin, 24-26 September, 2013 -- Daniel Molina Project Engineer OpenNebula - The Open Source Solution for Data Center Virtualization www.OpenNebula.org | [email protected] | @OpenNebula
_______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
