It's all the certificates from the user's one to the certificate OpenNebula trusts. This way certificates not directly signed by the root certificate can be used.
http://en.wikipedia.org/wiki/Chain_of_trust On Tue, May 13, 2014 at 10:50 PM, María Noelia Gil <[email protected]> wrote: > Thank you very much. One last question, what stores "cert_chain”? > > El 13/05/2014, a las 16:59, Javier Fontan <[email protected]> escribió: > >> It contains the username and the expiration time in epoch. From the >> source code [1]: >> >> --8<------ >> # Generates a login token in the form: >> # user_name:x509:user_name:time_expires:cert_chain >> # - user_name:time_expires is encrypted with the user certificate >> # - user_name:time_expires:cert_chain is base64 encoded >> ------>8-- >> >> [1] >> https://github.com/OpenNebula/one/blob/one-4.6/src/authm_mad/remotes/x509/x509_auth.rb#L95 >> >> On Mon, May 12, 2014 at 11:20 AM, María Noelia Gil >> <[email protected]> wrote: >>> Hello, I am testing the x509 authentication from CLI. The operation oneuser >>> login ... generates an authentication token encrypted with the private key. >>> What is the content of the token? >>> >>> On the other hand, I have seen that every user has on their template an >>> attribute with name TOKEN_PASSWORD, what is its use? >>> >>> Thank you. >>> _______________________________________________ >>> Users mailing list >>> [email protected] >>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> >> >> >> -- >> Javier Fontán Muiños >> Developer >> OpenNebula - The Open Source Toolkit for Data Center Virtualization >> www.OpenNebula.org | @OpenNebula | github.com/jfontan > -- Javier Fontán Muiños Developer OpenNebula - Flexible Enterprise Cloud Made Simple www.OpenNebula.org | @OpenNebula | github.com/jfontan _______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
