On 12/06/2012 10:35 PM, Charlie wrote:
Supporting non-Kerberos LDAP with simple authentication and no DNS integration would significantly decrease the work required for people like Dennis. Instead of having to set up Kerberos and DNS and an LDAP provider that integrates with both, he could just set up a very simple LDAP server and use a physically secured network or SSL with self-signed keys to protect his authentication traffic.
There are already LDAP servers that use simple backends, including an OpenLDAP variant that uses /etc/passwd and /etc/shadow instead of a db. If the requirement for Kerberos and DNS directory integration were removed, and simple authentication worked, you would be able to support pretty much anything out there in the linux/unix world.
That way oVirt wouldn't have to reinvent any wheels, and people like Dennis would have significantly less costly and time-consuming rebuilding of their networks to do before being able to implement oVirt.
I agree. hopefully we'll get to fix this soon.