Authentication

In the figure to the right of this text you can see three authentication configurations you can customize in OpenNebula.

You can choose from the following authentication drivers to access OpenNebula from the command line:

• Built-in User/Password
• SSH Authentication
• X509 Authentication
• LDAP Authentication

By default, users with the “core” authentication driver (user/password) can login in Sunstone. You can enable users with the “x authentication driver to login using an external SSL proxy (e.g. Apache).

Proceed to the Sunstone documentation to configure the x509 access:

• Sunstone Authentication Methods

OpenNebula ships with three servers: Sunstone, EC2 and OCCI. When a user interacts with one of them, the server authenticates the request and then forwards the requested operation to the OpenNebula daemon.

The forwarded requests are encrypted by default using a Symmetric Key mechanism. The following guide shows how to strengthen the security of these requests using x509 certificates. This is specially relevant if you are running your server in a machine other than the frontend.

• Cloud Servers Authentication