Juan Hernandez has submitted this change and it was merged. Change subject: sdk: Add support for Kerberos authentication ...................................................................... sdk: Add support for Kerberos authentication This patch adds support for Kerberos authentication. To use it the user must explicitly indicate it when creating the API object, for example: Api api = new ApiBuilder() .url("https://ovirt.example.com/ovirt-engine/api") .kerberos(true) .build(); When doing this the SDK will take the credentials from the Kerberos credentials cache and will use them to authenticate with the server. Note that the Kerberos environment has to be configured correctly before calling the SDK and that the creditials cache has to be already populated, using the "kinit" command, for example. In order to configure the environment two files are needed: the Kerberos configuration file and the JAAS configuration file. The Kerberos configuration file will usually existin "/etc/krb5.conf". The JAAS configuration file won't probably exist. It needs to be created with content similar to this: com.sun.security.jgss.login { com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true; }; com.sun.security.jgss.initiate { com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true; }; com.sun.security.jgss.accept { com.sun.security.auth.module.Krb5LoginModule required client=true useTicketCache=true; }; The location of this file isn't relevant, it just needs to be readable by the JVM, it can be, for example, located in "/etc/jaas.conf". In addition to these files the following system properties have to be added to the JVM: -Djava.security.auth.login.config=/etc/jaas.conf -Djava.security.krb5.conf=/etc/krb5.conf -Djavax.security.auth.useSubjectCredsOnly=false Change-Id: Ide82e150a5b5b7e8ec9b83aa33c89f0c09656f99 Bug-Url: https://bugzilla.redhat.com/1145237 Signed-off-by: Juan Hernandez <juan.hernandez(a)redhat.com&gt; --- M ovirt-engine-sdk-java-codegen/src/main/java/org/ovirt/engine/sdk/codegen/templates/ApiTemplate M ovirt-engine-sdk-java/src/main/java/org/ovirt/engine/sdk/Api.java M ovirt-engine-sdk-java/src/main/java/org/ovirt/engine/sdk/ApiBuilder.java M ovirt-engine-sdk-java/src/main/java/org/ovirt/engine/sdk/web/ConnectionsPoolBuilder.java 4 files changed, 141 insertions(+), 27 deletions(-) Approvals: Juan Hernandez: Verified; Looks good to me, approved -- To view, visit http://gerrit.ovirt.org/33504 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: merged Gerrit-Change-Id: Ide82e150a5b5b7e8ec9b83aa33c89f0c09656f99 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine-sdk-java Gerrit-Branch: master Gerrit-Owner: Juan Hernandez <juan.hernandez(a)redhat.com&gt; Gerrit-Reviewer: Juan Hernandez <juan.hernandez(a)redhat.com&gt; Gerrit-Reviewer: Ravi Nori <rnori(a)redhat.com&gt; Gerrit-Reviewer: automation(a)ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server