[ovirt-devel] AAA changes on 3.6 and master

Martin Perina mperina at redhat.com
Thu Aug 13 06:24:24 UTC 2015



----- Original Message -----
> From: "Roy Golan" <rgolan at redhat.com>
> To: "Martin Perina" <mperina at redhat.com>, "devel" <devel at ovirt.org>
> Sent: Thursday, August 13, 2015 7:39:21 AM
> Subject: Re: [ovirt-devel] AAA changes on 3.6 and master
> 
> On 08/12/2015 01:11 PM, Martin Perina wrote:
> > Hi,
> >
> > yesterday we merged a couple of changes in the AAA area:
> >
> > 1. Legacy provider for 'internal' domain (3.6 and master)
> >     - it's still installed by default if aaa-jdbc provider
> >       is not present (details below)
> >     - UUID of 'admin@internal' user is no longer static, but
> >       for new installations UUID is generated
> >     - Password of 'admin@internal' is no longer saved in vdc_options table,
> >       but it's stored encoded in legacy internal provider config file
> >       (PREFIX/etc/ovirt-engine/extensions.d/internal-authn.properties)
> >     - If you want to change 'admin@internal' password please execute:
> >
> >         PREFIX/bin/engine-setup \
> >             --otopi-environment="OVESETUP_CONFIG/adminPassword=str:MY_PASSWORD"
> 
> Is this supported in the answer file?

Yes

> >
> >       replacing MY_PASSWORD with your new password
> >
> >
> > 2. aaa-jdbc provider for 'internal' domain (3.6 and master)
> >     - this is a new implementation of an AAA provider which stores users/groups
> >       in the database and provides (from the engine's point of view) the same
> >       capabilities as the aaa-ldap provider
> >     - on RPM installations it replaces legacy provider for 'internal'
> >       domain
> >     - it's configured automatically on RPM installations when running
> >       engine-setup
> >     - if you want to use it in a development environment as well, please do
> >       the following steps:
> >
> >         a. Checkout sources [1], build and install into your PREFIX
> >
> >         b. Execute
> >              PREFIX/bin/engine-setup \
> >               --otopi-environment="OVESETUP_CONFIG/adminPassword=str:MY_PASSWORD"
> >
> >        This will replace legacy internal provider with aaa-jdbc one.
> >
> >
> > 3. Legacy kerbldap provider (master only)
> >     - it has been dropped from the project
> >     - engine-setup will fail if you have kerbldap provider configured
> >     - you can either migrate to the new aaa-ldap provider using [2]
> >       or create new prefix without kerbldap provider config
> >
> >
> > Thanks
> >
> > Martin Perina
> >
> > [1]
> > https://gerrit.ovirt.org/#/admin/projects/ovirt-engine-extension-aaa-jdbc
> > [2]
> > https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases
> 
> 
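
The answer-file route confirmed in the reply above, as an added example that is not part of the original thread: it writes the same OVESETUP_CONFIG/adminPassword key into an owner-only otopi answer file, so the password is not passed as a command-line argument. The helper name and file paths are hypothetical; the `[environment:default]` section header and the `--config-append` option come from otopi/engine-setup, not from this thread.

```shell
# Added example: write an otopi answer file carrying the admin password.
# write_admin_answer_file is a hypothetical helper name; the key and the
# "str:" type prefix are the ones shown in the message above.
# The function body runs in a subshell, so the umask change and the
# password variable do not leak into the calling shell.
write_admin_answer_file() (
    answer_file=$1
    umask 077    # the file is created with mode 0600 (owner only)

    # Read one line from stdin instead of taking the password as an argument.
    IFS= read -r admin_password || true
    [ -n "$admin_password" ] || { echo "empty password" >&2; exit 1; }

    # Remove any earlier file so looser permissions are not inherited.
    rm -f -- "$answer_file"
    printf '[environment:default]\nOVESETUP_CONFIG/adminPassword=str:%s\n' \
        "$admin_password" > "$answer_file"
)

# Usage (PREFIX as in the message above; file names are placeholders):
#   write_admin_answer_file "$HOME/admin-password.conf" < password-source
#   PREFIX/bin/engine-setup --config-append="$HOME/admin-password.conf"
#   rm -f "$HOME/admin-password.conf"
```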


