Re: [one-users] New authentication type

2013-04-19 Thread Christoph Pleger
Hello,

I have a new problem with my radius authentication: The passwords are
stored in clear text in oned.log, in messages like this:

Thu Apr 18 11:19:17 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS
103 radius christoph.pleger blablabla

And oned.log is readable by everyone who can login to the cloud management
node! How can I prevent passwords from being stored in clear text, or how
can I achieve that oned.log is created with more restrictive permissions?

Regards
  Christoph

___
Users mailing list
Users@lists.opennebula.org
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org


Re: [one-users] New authentication type

2013-04-19 Thread Javier Fontan
Usually for external authentication methods you don't need to store
the password in OpenNebula. In fact it is better that you don't store
it as you will have to sync the password with the external database.
You can use the password as storage for some other useful information.
In the case of ldap we store full dn of the user. If you don't want to
store anything just provide a -. For example:

puts "radius #{username} -"


On Fri, Apr 19, 2013 at 10:05 AM, Christoph Pleger
christoph.ple...@cs.tu-dortmund.de wrote:
> Hello,
>
> I have a new problem with my radius authentication: The passwords are
> stored in clear text in oned.log, in messages like this:
>
> Thu Apr 18 11:19:17 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS
> 103 radius christoph.pleger blablabla
>
> And oned.log is readable by everyone who can login to the cloud management
> node! How can I prevent passwords from being stored in clear text, or how
> can I achieve that oned.log is created with more restrictive permissions?
>
> Regards
>   Christoph


-- 
Javier Fontán Muiños
Project Engineer
OpenNebula - The Open Source Toolkit for Data Center Virtualization
www.OpenNebula.org | jfon...@opennebula.org | @OpenNebula
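
The driver response format discussed in this thread, with the `-` placeholder suggested above, plus a check over oned.log for responses that still carry a secret and a check for world-readable log permissions. This is an added example, not part of the original messages or OpenNebula's code; the function names and sample log lines are constructed, and the single-line log format is assumed from the excerpt quoted in the thread.

```ruby
# Added example (not OpenNebula code). Sample log lines are constructed,
# modelled on the oned.log excerpt quoted in this thread.

# Build the line an auth driver prints on success: "driver username secret".
# The third field is stored by OpenNebula and echoed into oned.log, so it
# carries a placeholder ("-") and never the user's RADIUS password.
def driver_response(driver, username, stored = '-')
  fields = [driver, username, stored]
  fields.each do |f|
    # Fields are space-separated, so embedded whitespace would shift them.
    raise ArgumentError, "bad field: #{f.inspect}" if f.empty? || f =~ /\s/
  end
  fields.join(' ')
end

AUTH_OK = /\[AuM\]\[D\]: Message received: AUTHENTICATE SUCCESS (\d+) (\S+) (\S+) (.*\S)\s*$/

# Return [request_id, driver, username] for every logged driver response
# whose third field is not an allowed placeholder. The secret itself is
# deliberately not returned, so the report does not repeat the leak.
def leaked_responses(log_text, allowed = ['-'])
  log_text.each_line.map do |line|
    m = AUTH_OK.match(line)
    next unless m
    id, driver, user, stored = m.captures
    [id.to_i, driver, user] unless allowed.include?(stored)
  end.compact
end

# True when "other" has read permission on the file (mode bit 0o004).
def world_readable?(path)
  (File.stat(path).mode & 0o004) != 0
end

SAMPLE_LOG = <<~LOG
  Thu Apr 18 11:19:17 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS 103 radius alice s3cret-constructed
  Thu Apr 18 11:20:02 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS 104 radius bob -
  Thu Apr 18 11:20:09 2013 [AuM][I]: ExitCode: 0
LOG

if __FILE__ == $PROGRAM_NAME
  puts driver_response('radius', 'alice')
  leaked_responses(SAMPLE_LOG).each do |id, drv, user|
    puts "request #{id}: #{drv} response for #{user} carries a stored secret"
  end
end
```

A driver that stores other data in the third field, such as the DN kept by the LDAP driver, would pass its own list of allowed values to `leaked_responses`.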


Re: [one-users] New authentication type

2013-04-15 Thread Carlos Martín Sánchez
Hi,

I'm glad you made it work. Do you plan to share these drivers?
They could make a good ecosystem project [1].

Cheers

[1] http://opennebula.org/community:ecosystem

--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmar...@opennebula.org | @OpenNebula


On Fri, Apr 12, 2013 at 5:39 PM, Christoph Pleger 
christoph.ple...@cs.tu-dortmund.de wrote:

> Hello,
>
> > Try to replicate the ldap authenticate script. To create new users, the
> > driver needs to print to stdout 'drivername username password' when the
> > authentication is successful
>
> Ah, thank you very much, that was it! I only had to add 'puts "radius #{user} #{pass}"'
> in authenticate before 'exit 0', now it works.
>
> Regards
>   Christoph



Re: [one-users] New authentication type

2013-04-12 Thread Carlos Martín Sánchez
Hi,

That's how the LDAP driver works [1]. To create new users automatically on
their first login, copy or link this dir to your drivers:

/var/lib/one/remotes/auth/default


Keep us updated on that integration!

[1] http://opennebula.org/documentation:rel3.8:ldap#configuration

--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmar...@opennebula.org | @OpenNebula


On Fri, Apr 12, 2013 at 11:33 AM, Christoph Pleger 
christoph.ple...@cs.tu-dortmund.de wrote:

> Hello,
>
> I am trying to add radius authentication for OpenNebula.
>
> I have written a small ruby file for that and I can successfully login to
> sunstone, but I still have to create a user with oneuser create and
> choose a password for the user, and authentication only works if that
> password and the radius password are the same.
>
> What I would like to have is that users do not have to be in OpenNebula's
> user database before their first login and that the users are
> automatically added to the user database on their first login.
>
> How can I achieve that?
>
> Regards
>   Christoph



Re: [one-users] New authentication type

2013-04-12 Thread Christoph Pleger
Hello,

> That's how the LDAP driver works [1]. To create new users automatically on
> their first login, copy or link this dir to your drivers:

Authentication itself is successful now, but I get another error now:

---snip---


Fri Apr 12 15:35:22 2013 [AuM][D]: Message received: LOG D 14
authenticate: Radius-Authenticating christoph.pleger, with password 

Fri Apr 12 15:35:22 2013 [AuM][I]: authenticate: Radius-Authenticating
christoph.pleger, with password 
Fri Apr 12 15:35:22 2013 [AuM][D]: Message received: LOG I 14 ExitCode: 0

Fri Apr 12 15:35:22 2013 [AuM][I]: ExitCode: 0
Fri Apr 12 15:35:22 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS
14 -

Fri Apr 12 15:35:22 2013 [AuM][E]: Can't create user: . Driver response:
---snip---

So far, I changed the following things:


1. Set ':auth: opennebula' in /etc/one/sunstone-server.conf

2. Set authn = ssh,x509,ldap,server_cipher,server_x509,radius,default in
/etc/one/oned.conf

3. Created /usr/lib/one/ruby/radius_auth.rb

4. Created /var/lib/one/remotes/auth/radius/authenticate

5. Created a link /var/lib/one/remotes/auth/default ->
/var/lib/one/remotes/auth/radius


I have attached my files radius_auth.rb and authenticate. Sorry if my ruby
is not good, I am a really new newbie to ruby.

Regards
  Christoph



Re: [one-users] New authentication type

2013-04-12 Thread Carlos Martín Sánchez
Hi,

Try to replicate the ldap authenticate script. To create new users, the
driver needs to print to stdout 'drivername username password' when the
authentication is successful

Cheers

--
Carlos Martín, MSc
Project Engineer
OpenNebula - The Open-source Solution for Data Center Virtualization
www.OpenNebula.org | cmar...@opennebula.org | @OpenNebula


On Fri, Apr 12, 2013 at 4:07 PM, Christoph Pleger 
christoph.ple...@cs.tu-dortmund.de wrote:

> Hello,
>
> > That's how the LDAP driver works [1]. To create new users automatically on
> > their first login, copy or link this dir to your drivers:
>
> Authentication itself is successful now, but I get another error now:
>
> ---snip---
>
> Fri Apr 12 15:35:22 2013 [AuM][D]: Message received: LOG D 14
> authenticate: Radius-Authenticating christoph.pleger, with password
>
> Fri Apr 12 15:35:22 2013 [AuM][I]: authenticate: Radius-Authenticating
> christoph.pleger, with password
> Fri Apr 12 15:35:22 2013 [AuM][D]: Message received: LOG I 14 ExitCode: 0
>
> Fri Apr 12 15:35:22 2013 [AuM][I]: ExitCode: 0
> Fri Apr 12 15:35:22 2013 [AuM][D]: Message received: AUTHENTICATE SUCCESS
> 14 -
>
> Fri Apr 12 15:35:22 2013 [AuM][E]: Can't create user: . Driver response:
> ---snip---
>
> So far, I changed the following things:
>
> 1. Set ':auth: opennebula' in /etc/one/sunstone-server.conf
>
> 2. Set authn = ssh,x509,ldap,server_cipher,server_x509,radius,default in
> /etc/one/oned.conf
>
> 3. Created /usr/lib/one/ruby/radius_auth.rb
>
> 4. Created /var/lib/one/remotes/auth/radius/authenticate
>
> 5. Created a link /var/lib/one/remotes/auth/default ->
> /var/lib/one/remotes/auth/radius
>
> I have attached my files radius_auth.rb and authenticate. Sorry if my ruby
> is not good, I am a really new newbie to ruby.
>
> Regards
>   Christoph



Re: [one-users] New authentication type

2013-04-12 Thread Christoph Pleger
Hello,

> Try to replicate the ldap authenticate script. To create new users, the
> driver needs to print to stdout 'drivername username password' when the
> authentication is successful

Ah, thank you very much, that was it! I only had to add 'puts "radius #{user} #{pass}"'
in authenticate before 'exit 0', now it works.

Regards
  Christoph
