Bug #847
Users using x509 certificates can't have certain characters in their DN
| Status: | Closed | Start date: | |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 100% |
| Category: | Core & System | | |
| Target version: | Release 3.2 - S0 | | |
| Resolution: | fixed | Pull request: | |
| Affected Versions: | OpenNebula 3.0 | | |
Description
Currently there are some limitations in the x509 authentication:
- The certificate DN can't contain the ":" character, due to the internal protocol between the core and the authentication driver.
- If the certificate contains some special characters, like "á", they are not processed correctly and the authentication fails.
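The first limitation is a delimiter collision in a colon-separated message. The sketch below is an added example, not OpenNebula's code: it shows a hypothetical `user:secret:driver` message mis-parsing a DN that contains ":", and one way to frame the fields (Base64 per field, UTF-8 checked on decode) that also carries characters like "á" intact. The message layout, function names and sample DN are assumptions.

```ruby
require 'base64'

# Hypothetical wire format (an assumption, not OpenNebula's actual protocol):
# three fields joined by ":" -> username:secret:driver

# Naive framing: fields are joined raw, so a ":" inside any field shifts
# every field that follows it.
def naive_pack(user, secret, driver)
  [user, secret, driver].join(':')
end

def naive_unpack(line)
  user, secret, driver = line.split(':', 3)
  { user: user, secret: secret, driver: driver }
end

# Safer framing: each field is Base64-encoded from its UTF-8 bytes, so the
# encoded message is pure ASCII and a field can never contain the delimiter.
def safe_pack(*fields)
  fields.map { |f| Base64.strict_encode64(f.encode('UTF-8')) }.join(':')
end

def safe_unpack(line)
  parts = line.split(':', -1)
  raise ArgumentError, 'expected 3 fields' unless parts.size == 3

  # strict_decode64 raises ArgumentError on anything that is not valid Base64.
  user, secret, driver = parts.map do |p|
    Base64.strict_decode64(p).force_encoding('UTF-8')
  end
  unless [user, secret, driver].all?(&:valid_encoding?)
    raise ArgumentError, 'field is not valid UTF-8'
  end

  { user: user, secret: secret, driver: driver }
end

# Constructed sample DN containing both problem characters from the report.
SAMPLE_DN = '/C=ES/O=Example:Org/CN=José Pérez'

if __FILE__ == $PROGRAM_NAME
  p naive_unpack(naive_pack('alice', SAMPLE_DN, 'x509'))
  p safe_unpack(safe_pack('alice', SAMPLE_DN, 'x509'))
end
```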
Associated revisions
bug #847: Implements update method for VirtualNetworks in OpenNebula core
bug #847: New methods for OCA and onevnet option
bug #847: Adds template to Users to store metadata. Added OCA (ruby) methods and command option
bug #847: Prints the template information for the user
bug #847: User load fails if there is no template. Needs a proper onedb update method.
bug #847: Added method to get & erase an attribute. Cleaned up prototypes
bug #847: changes the prototype of mkfs function in Image Driver
bug #847: Fix constness for erase method in PoolObjectSQL. Better check in template erase
bug #847: Removes core attributes from VirtualNetwork template, so it only stores vnet metadata after creation
bug #847: Cleans image templates so only metadata is left. Adds path and fstype to image attributes for reference
bug #847: Tokens are never sha1_digested. Core authentication mechanism stores the passwords digested, client sends plain passwords. Includes OCA (Ruby), CloudAuth and CLI updates. Ozones needs to redesign its password storage strategy.
bug #847: Unneeded configuration option for sunstone removed.
bug #847: The authentication driver is now not encoded as part of the secret. The base auth driver has been updated to deal with this new protocol
bug #847: Updated login tokens for auth drivers
Bug #847: Add the auth driver column to oneuser list output
Bug #847: Update the scheduler client, it does not hash the password
Bug #847: Add new ACL operation to change the user auth driver. TODO: update Sunstone acl tab
Bug #847: Perform sha1 for new passwords if the core driver is used
bug #847: Fixes tests for session cache
bug #847: Added driver option to examples in command help
bug #847: This commit includes several changes to the auth mechanism:
1.- Simplified auth methods for UserPool
2.- Added special SERVER_AUTH method for sudo'ing
3.- Added special PUBLIC_AUTH method for only-public interface users
4.- Added special driver name ("default") to authenticate unknown users
bug #847: Added a new server method based on OpenSSL symmetric ciphers
bug #847: Get rid of unneeded constructor in AuthRequest
Bug #847: Allow to change the auth driver only in one.user.chauth
bug #847: Renamed server to server_x509, also ServerAuth is now ServerX509Auth to be coherent with the new server classes. Configuration file also changed to server_x509_auth.conf
Bug #847: Change the expected session token for server users to allow session caching
bug #847: New password method for Auth drivers. oneuser command update to make use of it
bug #847: Removed unneeded access to public key in SshAuth class
bug #847: Removed dependency for user/passwd access in server_cipher driver. The ServerCipherAuth can now be instantiated in driver and client modes
bug #847: Make drivers with name matching server* a server driver
bug #847: Missing header file for fnmatch
bug #847: Change token to be sent to the driver. The target user is not included as part of the token
bug #847: Updated oned.conf with new auth methods
bug #847: Add timestamp generation to Cloud Servers
bug #847: Added Sunstone Authorization. Updated server classes
bug #847: Fixes minor bugs in sunstone-server
bug #847: OCCI Server update to new Auth framework
bug #847: Update EC2Query for the new auth framework
Bug #847: Guess the driver to use in 'oneuser create' from the authentication option
bug #847: Update method to get server credentials from etc files
Bug #847: Automatically create at bootstrap new user serveradmin with server_cipher driver.
bug #847: Adds option to filter public users in CloudAuth. Fixes paths for auth's files
bug #847: Login files are created with 0600 permissions
bug #847: Login files are created with 0600 permissions
(cherry picked from commit 20b67c6e5983a3d9cd5acfc9c6d407778179af93)
bug #847: Add sha1 option and driver helpers
bug #847: Add driver option
Bug #847: Create new configuration files for serveradmin user, create a random password for it
bug #847: Update server_x509_auth to the new token system
bug #847: Update EC2_AUTH and OCCI_AUTH location
bug #847: Fix server_x509_auth user definition
bug #847: Create auth files with 0600 permissions. Refactors UserPool constructor
bug #847: Removed stderr messages. IO for File
Bug #847: Change authentication conf files for serveradmin to VAR_LOCATION/.one
bug #847: Refactor X509CloudAuth
bug #847: Delete spaces from password, if x509 driver
bug #847: Fix EC2 signature version 1
History
#1 Updated by Ruben S. Montero almost 10 years ago
- Target version changed from Release 3.4 to Release 3.2 - S0
#2 Updated by Ruben S. Montero over 9 years ago
- Status changed from New to Closed
- Resolution set to fixed