Re: [ovirt-users] seria consol setup
Le 23 mars 2016 à 12:28, Yedidyah Bar David <didi(a)redhat.com> a
écrit :
On Wed, Mar 23, 2016 at 1:04 PM, Fabrice Bacchella
<fabrice.bacchella(a)orange.fr> wrote:
> I'm reading the documentation here :
> http://www.ovirt.org/documentation/admin-guide/serial-console-setup/
>
> After a few strace, I found the ssh configuration used for the custom ssh that listen
on port 2222:
>
/usr/share/ovirt-vmconsole/ovirt-vmconsole-proxy/ovirt-vmconsole-proxy-sshd/sshd_config
>
> And I have a big problem with it.
> It says "GSSAPIAuthentication no" but public key authentication is not
allowed in my data center, we use kerberos every where.
> So I wonder if I can edit this file ? How is it managed by ovirt ?
In general, things under /usr are only packaged, not "managed". So a
next upgrade will overwrite your changes.
Ok, so I just need to take care how modifications and upgrade are done (using puppet) and
everything should be fine.
Seems like both its systemd unit and sysv init script read
/etc/sysconfig/ovirt-vmconsole-proxy-sshd if it exists and add
${OPTIONS} to sshd's command line. So you can try to:
echo 'OPTIONS="-o GSSAPIAuthentication=yes"' >>
/etc/sysconfig/ovirt-vmconsole-proxy-sshd
I tried that. It works. I now have pure kerberos only problems. But that's a good
direction.
and restart it.