# kinit aleksey Password for aleksey@AD.HOLDING.COM: *** # klist Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9 Default principal: aleksey@AD.HOLDING.COM Valid starting Expires Service principal 09/30/2016 16:50:32 10/01/2016 02:50:32 krbtgt/AD.HOLDING.COM@AD.HOLDING.COM renew until 10/07/2016 16:50:29 # curl --negotiate -u : -X GET -H "Accept: application/xml" -k https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <api> ... output truncated ... </api> It Works. The browsers are configured. Kerberos authentication for Windows web servers working successfully from Internet Explorer & Forefox 30.09.2016, 16:45, "Ondra Machacek" <omachace@redhat.com>:
'/etc/httpd/s-oVirt-Krb.keytab' is apache keytab, you can't try to test login with it. You should try something like `kinit myuser` and then curl. And be sure that 'myuser' has appropriate permissions in oVirt.
Do you have properly setup your browser and enabled negotiation (for example for firefox [1])?
[1] https://docs.fedoraproject.org/en-US/Fedora/11/html/Security_Guide/sect-Secu...