We have been initializing Kerberos logins using opennebula
contextualizaton on FermiCloud since the beginning.
The UNAME field automatically defined but not automatically passed to
contextualization scripts inside the VMs.
Here is a snippet of code that we use to do just that.
(The username is encoded as part of the context string in
base-64 so you have to parse it out).
----------------------------------------
SUFFIX="@FNAL.GOV"
if [ $(which xpath) ] || yum install -y perl-XML-XPath; then
USERNAME1=$(echo $CTX_USER | base64 -d | /usr/bin/xpath
'/USER/NAME/text()')
else
echo "This script ($0) needs xpath and YUM failed to install it via the
perl-X
ML-XPath RPM"
USERNAME1='MissingBINARYxpath'
fi
USERNAME2='gerard1'
mv /root/.k5login /root/k5login.old
echo $USERNAME1$SUFFIX > /root/.k5login
echo $USERNAME2$SUFFIX >> /root/.k5login
-----------------------
We pass this script as a contextualization file to
be used by the one-context rpm.
Also you have to add in the CONTEXT section of the template
CTX_USER="$USER[TEMPLATE]",
Steve
On Thu, 24 Jul 2014, Alexandr Baranov wrote:
Hi,
I'm trying to setup kerberos login to log into VMs with kerberos username
matching ONE username. I'm going to use UNAME variable and ONE documentation
states it as pre-defined. So the question is: do I need to manually specify
UNAME inside the VM template, or is it automatically defined and passed to
contextualization scripts?
------------------------------------------------------------------
Steven C. Timm, Ph.D (630) 840-8525
[email protected] http://home.fnal.gov/~timm/
Fermilab Scientific Computing Division, Scientific Computing Services Quad.
Grid and Cloud Services Dept., Associate Dept. Head for Cloud Computing
_______________________________________________
Users mailing list
[email protected]
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
