Hi, yesterday we merged couple of changes in the AAA area: 1. Legacy provider for 'internal' domain (3.6 and master) - it's still installed by default if aaa-jdbc provider is not present (details below) - UUID of 'admin@internal' user is no longer static, but for new installations UUID is generated - Password of 'admin@internal' is no longer saved in vdc_options table, but it's stored encoded in legacy internal provider config file (PREFIX/etc/ovirt-engine/extensions.d/internal-authn.properties) - If you want to change 'admin@internal' password please execute: PREFIX/bin/engine-setup \ --otopi-environment="OVESETUP_CONFIG/adminPassword=str:MY_PASSWORD" replacing MY_PASSWORD with your new password 2. aaa-jdbc provider for 'internal' domain (3.6 and master) - this is new implementation of AAA provider which stores users/groups in database and provide (from engine point of view) same capabilities as aaa-ldap provider - on RPM installations it replaces legacy provider for 'internal' domain - it's configured automatically on RPM installations when running engine-setup - if you want to use it also in development environment, please do following steps: a. Checkout sources [1], build and install into your PREFIX b. Execute PREFIX/bin/engine-setup \ --otopi-environment="OVESETUP_CONFIG/adminPassword=str:MY_PASSWORD" This will replace legacy internal provider with aaa-jdbc one. 3. Legacy kerbldap provider (master only) - it has been dropped from the project - engine-setup will fail if you have kerbldap provider configured - you can either migrate to the new aaa-ldap provider using [2] or create new prefix without kerbldap provider config Thanks Martin Perina [1] https://gerrit.ovirt.org/#/admin/projects/ovirt-engine-extension-aaa-jdbc [2] https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases