
Openstack Keystone OTP

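Stack Overflow user
Asked on 2016-03-09 11:28:21
Answers: 1 | Views: 1.3K | Followers: 0 | Votes: 1

I need to write a TOTP plugin for Keystone. I am currently following this guide: http://docs.openstack.org/developer/keystone/auth-totp.html

But I can't get past the first step and create the TOTP credential.

I get the following error.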

{"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}

Debug:

sudo tail -n 50 /var/log/httpd/keystone.log
2016-03-09 12:04:55.808 1181 DEBUG keystone.middleware.auth [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] There is either no auth token in the request or the certificate issuer is not trusted. No auth context will be set. 2016-03-09 12:04:55.808 process_request /opt/stack/keystone/keystone/middleware/auth.py:171
2016-03-09 12:04:55.814 1181 INFO keystone.common.wsgi [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] POST http://localhost:5000/v3/credentials
2016-03-09 12:04:55.815 1181 DEBUG keystone.common.controller [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] RBAC: Authorizing identity:create_credential(credential={u'user_id': u'4725c2a6592c46b89bbd42da1731d5ed', u'type': u'totp', u'blob': u'OBQXG43XN5ZGI'}) 2016-03-09 12:04:55.815 _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:80
2016-03-09 12:04:55.816 1181 DEBUG keystone.common.controller [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] RBAC: building auth context from the incoming auth token 2016-03-09 12:04:55.816 _build_policy_check_credentials /opt/stack/keystone/keystone/common/controller.py:92
2016-03-09 12:04:55.817 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Acquiring connection 2016-03-09 12:04:55.817 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.817 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Acquired connection 140351418931208 2016-03-09 12:04:55.817 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.818 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Releasing connection 140351418931208 2016-03-09 12:04:55.818 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.819 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Acquiring connection 2016-03-09 12:04:55.819 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.819 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Acquired connection 140351418931208 2016-03-09 12:04:55.819 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.820 1181 DEBUG oslo.cache._memcache_pool [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Memcached pool 140351135589296, thread 140351402075904: Releasing connection 140351418931208 2016-03-09 12:04:55.820 _debug_logger /usr/lib/python2.7/site-packages/oslo_cache/_memcache_pool.py:116
2016-03-09 12:04:55.821 1181 WARNING keystone.common.controller [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] RBAC: Invalid token
2016-03-09 12:04:55.823 1181 WARNING keystone.common.wsgi [req-c8f883dd-cdb1-46fc-bca3-70ea60285050 - - - - -] Authorization failed. The request you have made requires authentication. from ::1

My scripts.

Encoding the TOTP secret:

cat base32_str_encoding.py 
#!/usr/bin/python
import base64
secret = 'password'
print base64.b32encode(secret).rstrip('=')

./base32_str_encoding.py 
OBQXG43XN5ZGI

Creating the TOTP credential:

cat create_totp_credential.sh 
#!/usr/bin/bash
USER_ID=4725c2a6592c46b89bbd42da1731d5ed
SECRET=OBQXG43XN5ZGI

curl -i \
  -H "Content-Type: application/json" \
  -d '
{
    "credential": {
        "blob": "'$SECRET'",
        "type": "totp",
        "user_id": "'$USER_ID'"
    }
}' \
  http://localhost:5000/v3/credentials ; echo

Keystone user database.

mysql -uuser -h localhost -ppassword -Bse 'use keystone; select * from user where name="trex";'

| id                               | name     | extra                                                  | password                                                                                                                | enabled | domain_id | default_project_id               |
     4725c2a6592c46b89bbd42da1731d5ed        trex    {"description": "Test user", "email": "trex@trex.com"}  $6$rounds=10000$GfVY/Ws6cxS43fVC$p.44zK6gskY9Y3Aa8MwMCpeIfmKaZVlpB2niv2ewDeQbCyuqBhwOuMwfHLY5Kl67I/QsQUmG5BuK5BB6UtaKe/   1       default d2c1b6084c5a41ceb5582c736e3f03f8

1 Answer

Stack Overflow user

Accepted answer

Posted on 2017-05-09 22:21:18

# INSERT YOUR TOKEN: OS_TOKEN is sent in the X-Auth-Token header below
curl -i \
-H "X-Auth-Token: $OS_TOKEN" \
-H "Content-Type: application/json" \
-d '
{
  "credential": {
      "blob": "'$SECRET'",
      "type": "totp",
      "user_id": "'$USER_ID'"
  }
}' \
http://localhost:5000/v3/credentials ; echo
Votes: 2
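
The fix from the accepted answer, carried through the whole flow as an added example (not part of the original question or answer): request a token from `POST /v3/auth/tokens`, read it from the `X-Subject-Token` response header, and send it as `X-Auth-Token` when creating the credential. `KEYSTONE_URL`, `ADMIN_USER`, `ADMIN_PASS`, `ADMIN_PROJECT` and the `default` domain are assumptions about the deployment; the token's user must pass the `identity:create_credential` policy check that appears in the log.

```bash
#!/usr/bin/env bash
# Added example: obtain a Keystone v3 token, then create the TOTP credential with it.
# KEYSTONE_URL, ADMIN_USER, ADMIN_PASS, ADMIN_PROJECT and domain "default" are assumptions.
KEYSTONE_URL=${KEYSTONE_URL:-http://localhost:5000/v3}

# JSON body for password authentication, scoped to a project.
# Values are inserted verbatim, so they must not contain quotes or backslashes.
token_request_body() {  # args: user password project
  printf '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"%s","domain":{"id":"default"},"password":"%s"}}},"scope":{"project":{"name":"%s","domain":{"id":"default"}}}}}' "$1" "$2" "$3"
}

# Keystone returns the token in the X-Subject-Token response header, not in the body.
extract_subject_token() {  # stdin: raw HTTP response (headers first)
  tr -d '\r' | awk -F': ' 'tolower($1) == "x-subject-token" { print $2; exit }'
}

# Same credential document as in the question.
credential_body() {  # args: user_id base32_secret
  printf '{"credential":{"blob":"%s","type":"totp","user_id":"%s"}}' "$2" "$1"
}

create_totp_credential() {  # args: user_id base32_secret
  local token
  token=$(curl -si -H "Content-Type: application/json" \
            -d "$(token_request_body "$ADMIN_USER" "$ADMIN_PASS" "$ADMIN_PROJECT")" \
            "$KEYSTONE_URL/auth/tokens" | extract_subject_token)
  # An empty token here would reproduce the 401 "RBAC: Invalid token" from the log.
  [ -n "$token" ] || { echo "no token issued; check the admin credentials" >&2; return 1; }
  curl -i -H "X-Auth-Token: $token" -H "Content-Type: application/json" \
       -d "$(credential_body "$1" "$2")" "$KEYSTONE_URL/credentials"
}

# Only contact Keystone when run as: ./script USER_ID BASE32_SECRET
if [ "$#" -eq 2 ]; then create_totp_credential "$1" "$2"; fi
```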
Original page content provided by Stack Overflow.
Original link:

https://stackoverflow.com/questions/35890335
