Re: [one-users] Authentication ldap and authdb issues
The addons were recently updated to be 2.2 compatible. Anyway, I think they were already compatible with 2.2 release. As Gian Uberto says you should protect the password files with file system permissions. Anyway, we are looking into more secure auth methods for ldap.

On Tue, Apr 12, 2011 at 9:53 AM, Steffen Neumann wrote:
> Hi,
>
> On Mon, 2011-04-11 at 22:54 +0530, Madhurranjan Mohaan wrote:
>> I am trying to use the ldap add on to integrate the setup with ldap
>
> I have some followup questions:
>
> 1) The documentation suggests that LDAP integration was created
> for the 2.0 release: documentation:archives:rel2.0:ldap
> I assume it still (is supposed to) work with 2.2 ?
>
> 2) The user should add its credentials to $ONE_AUTH file
> (usually $HOME/.one/one_auth) in this fashion:
>
> user_dn:plain:user_password
>
> Does that mean the users have to put their passwds
> in plain text into their homedir ?? This would be
> a gaping security hole.
>
> Yours,
> Steffen

--
Javier Fontan, Grid & Virtualization Technology Engineer/Researcher
DSA Research Group: http://dsa-research.org
Globus GridWay Metascheduler: http://www.GridWay.org
OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org
___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
Re: [one-users] Authentication ldap and authdb issues
1) The database auth.db is generated if it does not exist, that is the normal procedure the first time it is started.

2) There's a missing gem, and unfortunately it is not in the documentation:

$ sudo gem install sequel

That should solve the problem.

On Mon, Apr 11, 2011 at 7:24 PM, Madhurranjan Mohaan wrote:
> Hi All,
>
> I am trying to use the ldap add on to integrate the setup with ldap but then
> came back to the basic simple setup and wanted to get the ssh setup running
> according to the documentation.
>
> The documentation says:
>
> 1. Default configuration will use sqlite database located at
> $ONE_LOCATION/var/auth.db But I can't find any auth.db that is present in
> this location.
>
> 2. I created a dummy user and when I run "oneauth key" there after I create
> that user in the system to pass the ssh key , I get the following error :
>
> /srv/cloud/one/bin/oneauth:37:in `require': no such file to load -- sequel
> (LoadError)
> from /srv/cloud/one/bin/oneauth:37
>
> which seems to be an issue with ruby package that I need to fix.
>
> 3. If I eventually get Ldap to work with open nebula, will the users be
> able to login through the sunstone gui ?
>
> Any help is much appreciated.
>
> thanks
>
> Ranjan

--
Javier Fontan, Grid & Virtualization Technology Engineer/Researcher
DSA Research Group: http://dsa-research.org
Globus GridWay Metascheduler: http://www.GridWay.org
OpenNebula Virtual Infrastructure Engine: http://www.OpenNebula.org
Re: [one-users] Authentication ldap and authdb issues
> "SN" == Steffen Neumann writes:

SN> Does that mean the users have to put their passwds in plain
SN> text into their homedir ?? This would be a gaping security hole.

They should be readable by the user only, like private keys in SSH, I think...

--
ing. Gian Uberto Lauri
Ricercatore / Researcher
Laboratorio Ricerca e Sviluppo / Research & Development Lab.
Area Calcolo Distribuito / Distributed Computation Area
gianuberto.la...@eng.it

Engineering Ingegneria Informatica spa
Corso Stati Uniti 23/C, 35127 Padova (PD)
Tel. +39-049.8283.571    | main(){printf(&unix["\021%six\012\0"],
Fax +39-049.8283.569     | (unix)["have"]+"fun"-0x60);}
Skype: gian.uberto.lauri | David Korn, AT&T Bell Labs
http://www.eng.it        | ioccc best One Liner, 1987
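
[Added example, not part of any message in this thread and not OpenNebula code: a shell check for the $ONE_AUTH file that applies the "readable by the user only, like private keys in SSH" rule suggested above. The function names and the sample credential line are constructed for illustration.]

```shell
#!/bin/sh
# Added example, not OpenNebula code. Checks a one_auth credentials file the
# way OpenSSH checks a private key: regular file, owned by the caller, and
# no permission bits for group or others.

check_one_auth() {
    f=$1
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "$f: missing, a symlink, or not a regular file" >&2
        return 1
    fi
    # "ls -ldn" prints e.g. "-rw------- 1 1000 1000 ..." (numeric owner in field 3)
    listing=$(ls -ldn -- "$f")
    mode=$(printf '%s\n' "$listing" | awk '{print $1}')
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    if [ "$owner" != "$(id -u)" ]; then
        echo "$f: owned by uid $owner, not by the calling user" >&2
        return 1
    fi
    # Characters 5-10 of the mode string are the group and other bits.
    if [ "$(printf '%s' "$mode" | cut -c5-10)" != "------" ]; then
        echo "$f: mode $mode lets group or others access the password" >&2
        return 1
    fi
    return 0
}

# Remove every group/other permission bit, then re-check.
secure_one_auth() {
    chmod go-rwx "$1" && check_one_auth "$1"
}

# Demonstration on a constructed file; the DN and password are made up.
demo_one_auth() {
    dir=$(mktemp -d) || return 1
    auth="$dir/one_auth"
    printf '%s\n' 'cn=jdoe,ou=people,dc=example,dc=org:plain:constructed-password' > "$auth"
    chmod 644 "$auth"   # simulate a file left world-readable
    if check_one_auth "$auth" 2>/dev/null; then before=ok; else before=exposed; fi
    if secure_one_auth "$auth"; then after=ok; else after=exposed; fi
    rm -rf -- "$dir"
    echo "$before -> $after"
}

demo_one_auth
```

On a real installation the file to pass is the one named by $ONE_AUTH, usually $HOME/.one/one_auth.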
Re: [one-users] Authentication ldap and authdb issues
Hi,

On Mon, 2011-04-11 at 22:54 +0530, Madhurranjan Mohaan wrote:
> I am trying to use the ldap add on to integrate the setup with ldap

I have some followup questions:

1) The documentation suggests that LDAP integration was created
for the 2.0 release: documentation:archives:rel2.0:ldap
I assume it still (is supposed to) work with 2.2 ?

2) The user should add its credentials to $ONE_AUTH file
(usually $HOME/.one/one_auth) in this fashion:

user_dn:plain:user_password

Does that mean the users have to put their passwds
in plain text into their homedir ?? This would be
a gaping security hole.

Yours,
Steffen

--
IPB Halle                 AG Massenspektrometrie & Bioinformatik
Dr. Steffen Neumann       http://www.IPB-Halle.DE
Weinberg 3                http://msbi.bic-gh.de
06120 Halle               Tel. +49 (0) 345 5582 - 1470
                               +49 (0) 345 5582 - 0
sneumann(at)IPB-Halle.DE  Fax. +49 (0) 345 5582 - 1409
[one-users] Authentication ldap and authdb issues
Hi All,

I am trying to use the ldap add on to integrate the setup with ldap but then came back to the basic simple setup and wanted to get the ssh setup running according to the documentation.

The documentation says:

1. Default configuration will use sqlite database located at $ONE_LOCATION/var/auth.db But I can't find any auth.db that is present in this location.

2. I created a dummy user and when I run "oneauth key" there after I create that user in the system to pass the ssh key , I get the following error :

/srv/cloud/one/bin/oneauth:37:in `require': no such file to load -- sequel (LoadError)
from /srv/cloud/one/bin/oneauth:37

which seems to be an issue with ruby package that I need to fix.

3. If I eventually get Ldap to work with open nebula, will the users be able to login through the sunstone gui ?

Any help is much appreciated.

thanks

Ranjan