Hello, I am trying to deploy OpenNebula in my local network, where we use Kerberos authentication. I wrote a simple Perl script /var/lib/one/remotes/auth/krb5/authenticate, which works from the command line as expected. I am able to create users in Sunstone (with a dummy password and a custom/krb5 auth method), and they are able to log in. The problem is that it does not work for some users. The users who are not able to log in are those who have spaces in their passwords. The problem is that my …/krb5/authenticate script is not even called for those users.
The unsuccessful login attempts are not logged at all in oned.log, only in sunstone.log:
Wed Mar 23 11:15:45 2016 [E]: User xtest could not be authenticated
Wed Mar 23 11:15:45 2016 [E]: Net::ReadTimeout
Wed Mar 23 11:15:45 2016 [I]: Unauthorized login attempt
Wed Mar 23 11:15:45 2016 [I]: 127.0.0.1 - - [23/Mar/2016:11:15:45 +0100] “POST /login HTTP/1.1” 401 - 30.0181
How can I make Kerberos authentication work with any passwords from the Kerberos database?