Hello, There is a security problem related with x509 proxy generation. The proxies generated have permissions that let any other user to read, that is, be logged as any other user with valid x509 proxy. To fix this issue you can download this file:
http://dev.opennebula.org/attachments/download/491/x509_permissions-3.0.patch and follow these steps: 1.- Go to /usr/lib/one/ruby or $ONE_LOCATION/lib/ruby 2.- Apply patch (files to be patched ssh_auth.rb and x509_auth.rb): $ patch < x509_permissions-3.0.patch 3.- After that (no need to restart nothing) please make your users to remove their login files and renew them Cheers -- Javier Fontán Muiños Project Engineer OpenNebula Toolkit | opennebula.org _______________________________________________ Users mailing list Users@lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
