• Leigh Stoller's avatar
    Large set of changes for using the Geni trusted signer tool, to · 980f6cbd
    Leigh Stoller authored
    authenticate Geni users to CloudLab (who do not have Emulab accounts).
    CloudLab users must have an account to do anything (unlike APT which allows
    guest users). But instead of requiring them to go through the Emulab
    account creation (high bar), let then use their Geni credentials to prove
    who they are. We then build a local account for that new user, and save off
    the speaksfor credential so that we can act on their behalf when talking to
    the backend clusters (and their MA to get their ssh keys).
    
    These users do not have a local account password, so they cannot log into
    the web interface using the Emulab login page, nor do they have a shell on
    ops.
    
    Once authenticated, we put the appropriate cookies into the browser via
    javascript, so they can use the Cloud (okay, APT) web interface (they
    appear logged in).
    
    I make use of the nonlocal_id field of the users table, which was not being
    used for anything else. Officially, these are "nonlocal" users in the code
    (IsNonLocal()).
    
    When a nonlocal user instantiates a profile, we use their speaksfor
    credential to ask their home MA for their ssh keys, which we then store in
    the DB, and then provide to the aggregate via the CreateSliver call.
    Note that no provision has been made for users who edit their profile and
    add keys; I am not currently expecting these users to stumble into the web
    interface (yet).
    980f6cbd
Name
Last commit
Last update
account Loading commit data...
apache Loading commit data...
apt Loading commit data...
assign Loading commit data...
autoconf Loading commit data...
backend Loading commit data...
bugdb Loading commit data...
cdrom Loading commit data...
clientside Loading commit data...
collab Loading commit data...
daikon Loading commit data...
db Loading commit data...
delay Loading commit data...
dhcpd Loading commit data...
discvr Loading commit data...
doc Loading commit data...
event Loading commit data...
firewall Loading commit data...
flash Loading commit data...
fwrules Loading commit data...
hw_config Loading commit data...
hyperviewer Loading commit data...
image-test Loading commit data...
install Loading commit data...
ipod Loading commit data...
mote Loading commit data...
named Loading commit data...
node_usage Loading commit data...
ntpd Loading commit data...
os Loading commit data...
patches Loading commit data...
pelab Loading commit data...
protogeni Loading commit data...
pxe Loading commit data...
rc.d Loading commit data...
robots Loading commit data...
rpms Loading commit data...
security Loading commit data...
sensors Loading commit data...
sql Loading commit data...
ssl Loading commit data...
sysadmin Loading commit data...
tbsetup Loading commit data...
testsuite Loading commit data...
tip Loading commit data...
tmcd Loading commit data...
tools Loading commit data...
utils Loading commit data...
vis Loading commit data...
wiki Loading commit data...
www Loading commit data...
xmlrpc Loading commit data...
.gitattributes Loading commit data...
.gitignore Loading commit data...
.gitmodules Loading commit data...
.loc-ignore Loading commit data...
AGPL-COPYING Loading commit data...
GNUmakefile.in Loading commit data...
GNUmakerules Loading commit data...
GPL-COPYING Loading commit data...
LGPL-COPYING Loading commit data...
MOVED-TO-WIKI Loading commit data...
Makeconf.in Loading commit data...
README Loading commit data...
TODO Loading commit data...
TODO.plab Loading commit data...
VERSION Loading commit data...
WEBtemplate.in Loading commit data...
config.h.in Loading commit data...
configure Loading commit data...
configure.in Loading commit data...
defs-apt Loading commit data...
defs-default Loading commit data...
defs-duerig-emulab Loading commit data...
defs-elabinelab Loading commit data...
defs-example Loading commit data...
defs-gtw-emulab Loading commit data...
defs-johnsond-emulab Loading commit data...
defs-kwebb-apt Loading commit data...
defs-kwebb-emulab Loading commit data...
defs-mike-emulab Loading commit data...
defs-ricci-emulab Loading commit data...
defs-stoller-emulab Loading commit data...
defs-stoller-home Loading commit data...
defs-stoller-lbsdb Loading commit data...
defs-uky Loading commit data...
defs-utahclient Loading commit data...
defs-wbsun-emulab Loading commit data...
defs-wide Loading commit data...
pnet-favicon.ico Loading commit data...