I am trying to migrate all the user information from the OpenNebula mysql database to another mysql database that handles authentication for a different platform. I wanted to ask other members of this forum for opinions and suggestions as to whether this approach is even worth while.
For example, the user credentials in the mysql database for OpenNebula using core authentication are hashed using sha1, which is ok, but in this case the information cannot migrate since we cannot get a cleartext version of the password. The 2nd mysql database where we intended to replicate user information does have a password salt field for each record.
Perhaps adding a second column for password salts in OpenNebula would be ideal, but some of the core authentication driver and some sql queries would also have to be changed. So if anyone has tried this, please feel free to chime in
I am thinking that perhaps the only way to get these two databases to sync is with LDAP, since the other platform does have LDAP authentication, but then an LDAP server needs to be added (which is good for centralization but adds another endpoint for a small user group) and write schema that both platforms can use.
I read the http://docs.opennebula.org/4.12/administration/users_and_groups/manage_users.html#user-authentication and don’t think parsing the one_auth files with cleartext is a long-term desired effect, despite the quick win.
Thoughts, ideas, comments? Any suggestions are well appreciated.