[ovirt-users] Questions about AAA-JDBC -- user's setting their own password?

[Ondra Machacek]

On 11/02/2016 09:27 PM, Derek Atkins wrote:
> Hi,
>
> I'm setting up a new ovirt-4 system on a single machine to replace my old
> vmware-server single-system infrastructure.  I have a handful of users,
> and I'd like to give them access to specific VM consoles (and possibly the
> ability to start and stop the VMs).  I don't want to set up a whole
> FreeIPA system, instead I'd like to use the AAA-JDBC extension.  But I
> have a few questions that aren't really answered in the
> wiki/documentation:
>
> 1) The documentation talks about adding domains..  Must I do this or can I
> just use the default (internal?) domain for my users?

No, you can use internal domain, but you can create new ones if you want.

>
> 2) I have a command-line interface to create new users -- is there any way
> to do that in the UI?

No. In UI you can only manage permissions of already created users.

>
> 3) Must I create groups via the command line or can I create those in the
> UI?  If I have to create them in the CLI, must I manage the group
> membership on the command line, too?

No UI, command line only.

>
> 4) Most importantly, is there any way for my users to change their
> AAA-JDBC passwords via the web UI?  Some of my users are halfway around
> the world, so there's really no way I can sit with them on the command
> line to let them set their password.  I couldn't find anything in the
> documentation about this, and indeed couldn't find anything in my (granted
> limited) search of the web interface.  Personally I would have considered
> this a required feature that (IMNSHO) would have blocked a release.

There is 'change password' feature in UI. If you create some user and
predefine him some password it's expired by default. So user must
change it in next login. Password change is done in UI login dialog.

>
> Thanks,
>
> -derek
>