Re: [ovirt-users] Disable auth basic in API

On 04/11/2014 11:28 PM, Jose Manuel Marquez Alhambra wrote: Disabling authentication is very bad practice, but if you really need to you can use the web server configuration to automatically add the required "Authorization" header: 1. Compute the basic authentication token from your user name and password. For example, if your password if your user is "admin@internal" and your possword is "abcdefg": # echo -n admin@internal:abcdefg | base64 YWRtaW5AaW50ZXJuYWw6YWJjZGVmZw== 2. Use the mod_headers module to append the authorization header to all the requests directed to the RESTAPI, creating a file disable-restapi-auth.conf in the /etc/httpd/conf.d directory, with the following content: <Location /ovirt-engine/api> RequestHeader set Authorization "Basic YWRtaW5AaW50ZXJuYWw6YWJjZGVmZw==" </Location> Make sure that this file is readable only by root, as it contains your password: # chmod u=r,g=,o= /etc/httpd/conf.d/disable-restapi-auth.conf 3. Restart the web server: # service httpd restart To make this a little bit more secure I would suggest to allow this unauthenticated access available only to certain client IP addresses. For example: <Location /ovirt-engine/api> SetEnvIf Remote_Addr 192\.168\.122\.1 Disable_Auth RequestHeader set Authorization "Basic YWRtaW5AaW50ZXJuYWw6cmVkaGF0MTIz" env=Disable_Auth </Location> As I said this is a very bad setting from a security point of view, so remember to revert it as soon as the broker developers fix the error. -- Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta 3ºD, 28016 Madrid, Spain Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L.