Hello Guys,
I’m having trouble logging in after an unsuccessful password change for the oneadmin user
Trying according to the documentation, it is not even possible to change the password
oneuser passwd 0 <my.password>
[one.user.passwd] User couldn't be authenticated, aborting call.
You ran into a chicken and egg problem. In order to change the oneadmin password, your CLI must be correctly loading the auth from /var/lib/one/.one/one_auth so the API Call to change the password gets correctly authenticated.
In this case, you need to change the password directly in the database.
mysql> use opennebula;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> select body from user_pool where oid=0;
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| body |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| <USER><ID>0</ID><GID>0</GID><GROUPS><ID>0</ID></GROUPS><GNAME>oneadmin</GNAME><NAME>oneadmin</NAME><PASSWORD><![CDATA[b065663b91df7176a5d6567fddde2eb91b3ea73a5055c1f0915909f764d92cc6]]></PASSWORD><AUTH_DRIVER><![CDATA[core]]></AUTH_DRIVER><ENABLED>1</ENABLED><TEMPLATE><SSH_PUBLIC_KEY><![CDATA[ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDDBWCwxZyryxr1NhhJkTMQDs/8kl1Za0BB1J6rcFrjihkWuB5aVtsYq1KknOAbDqOYQODO9ZRwaYAH38AjAXUbmpZ6CDcLugkYdZ09tMoYbPLn7fd9VCJ1549Ml08uDfYhtGWakadZOGhfo48YXyinprwcxnIbWY4fyIvT/IhkkA1mJsg5vEJd+OCc8bGulCrK77mHuQH+6zYUqrGPjkpomuqruBnExh0+H1++gUSxZfGHZX383SOvlOTPhGLQ3NV7EdPuOLAxDqcNsA5BxMtRp5rMEB6bIEQyPsTwwbBGeGUKCJYynOuPMRaR1WsxHFBmERuYedCF1RFIYDIM5czrz1+mldMse3753MdoR6NHZXQqnzr2aHYhMeg9pJOEMkwUtTt/CMX7xJ6V/zArUjEH2IW59eU2fpS7LWkOwJqe5wxC+BYzfnhpalfOQCMO0nhNzcwyDDzsJ085nP/EfKTvbcW4eatsrSGR6yaiJcYOxcGluIfc+8w3Rpnqpd72tC0= oneadmin@provisionengine
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDAfIfpKb78xN8ECILRH2FAP9K5MP3spp5cw2tG90GCLR5gya7B59UJVGhTqJIAVQSS8M1CD1hIzMH69Prwqcp1a8zCd2oRwsaPJ2I9ExCI0sZY6RoZN5t5KW+yxoK9BB4NtcQrYKg2nIdwJNYIDjxJqh8bRbS9DauP2sNPpOx6mSQeq+xYDtrYVpS6Wu6JIy69GhnlJ4eDq4lkSouLz6HIP1Dz3T6qrELEN1ifHi4bZZRZ0bv5r3v5ALkR6L5L2lT/efE0Htvqh8kQLrYDmkKE1KbPEJVo/KqetcqMttZa1PIln7VPhifZwV37n0A3alI/U9OD/kTr5YxEo+bxDY0EwNtm6X1h0fc3Xf/7JDC3432sfFjD75eKQz6ckELawd3YdkfWfFtJf1rMsb2IT0FpywYNVkvUoEHwboN+OL57LKx3sX5mk/fXHOmrzcGYQvkR3UY7yGkPgJjaC2rxAXOaS8gltb1liPsSQgY/3VucT3XK9hbe/H9+M/++Xn1NQ4k= root@provisionengine]]></SSH_PUBLIC_KEY><TOKEN_PASSWORD><![CDATA[34ddec643cc879652f4959357dfb776d200dfc4ce13b7fcf883ac31b3c33ea0b]]></TOKEN_PASSWORD></TEMPLATE></USER> |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)
For that replace the body column of the row 0 in the user_pool table with an XML like the one shown above. The XML must contain in PASSWORD the result of
echo -n your_password | sha256sum | cut -d ' ' -f 1
In this case my password is opennebula
root@pe-dev:~# echo -n 'opennebula' | sha256sum | cut -d ' ' -f 1
b065663b91df7176a5d6567fddde2eb91b3ea73a5055c1f0915909f764d92cc6
Then you write said password (without the hashing) to /var/lib/one/.one/one_auth as stated here.
Ya, tried this yesterday and works.
Strangely, the original files have the hashed password
But I need to write the password manually in the *_auth files without hashing
At the moment I can log in, but something strange happened, I can’t list the users inside the sunstone interface, only through the CLI with oneuser list or oneuser show , i missed something?
The core service opennebula and the CLI use the authentication locat at /var/lib/one/.one/one_auth which corresponds to the oneadmin user credentials.
Then the rest of the complementary services like opennebula-sunstone and opennebula-flow use the rest of the files in the ~/.one directory, which hold the serveradmin credentials. On the previous doc link there is a note about both users auth files.