External Auth Overview 3.8
OpenNebula comes by default with an internal user/password authentication and an ACL authorization system, see the Users & Groups Subsystem guide for more information.
You can enable the external Authentication and Authorization drivers to strengthen the security of your cloud.
In the figure to the right of this text you can see three authentication configurations you can customize in OpenNebula.
You can choose from the following authentication drivers to access OpenNebula from the command line:
By default, users with the “core” authentication driver (user/password) can login in Sunstone. You can enable users with the “x authentication driver to login using an external SSL proxy (e.g. Apache).
Proceed to the Sunstone documentation to configure the x509 access:
OpenNebula ships with three servers: Sunstone, EC2 and OCCI. When a user interacts with one of them, the server authenticates the request and then forwards the requested operation to the OpenNebula daemon.
The forwarded requests are encrypted by default using a Symmetric Key mechanism. The following guide shows how to strengthen the security of these requests using x509 certificates. This is specially relevant if you are running your server in a machine other than the frontend.
Please proceed to the following guides to learn more: