Re: [ovirt-users] adding machine to openldap + kerberos with a keytab

--Alternative_=_Boundary_=_1410391296 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable William<br><br>Thank you as well I have noticed from the logs that if the m= anager interface isn't used in a while it has to reinitialize or renew the = ticket in the cache. This process can cause a noticeable delay in logins an= d using a keytab. This is a part of (but not the whole) reason keytabs exis= t in kerberos.<br><br><span style=3D"font-family:Prelude, Verdana, san-seri= f;"><br><br></span><span id=3D"signature"><div style=3D"font-family: arial,= sans-serif; font-size: 12px;color: #999999;">-- Sent from my HP Pre3</div>= <br></span><span style=3D"color:navy; font-family:Prelude, Verdana, san-ser= if; "><hr align=3D"left" style=3D"width:75%">On Sep 10, 2014 7:11 PM, Willi= am Law &amp;lt;wlaw(a)stanford.edu&amp;gt; wrote: <br><br></span>OK, thanks. Is ther= e a way to perform it without manage-domains currently or in 3.5?=0D<br>=0D= <br>Regards,=0D<br>=0D<br>Will=0D<br>=0D<br>On Sep 10, 2014, at 4:07 PM, Ya= ir Zaslavsky &amp;lt;yzaslavs(a)redhat.com&amp;gt; wrote:=0D<br>=0D<br>&gt; =0D<br>&g= t; =0D<br>&gt; ----- Original Message -----=0D<br>&gt;&gt; From: "William L= aw" &amp;lt;wlaw(a)stanford.edu&amp;gt;=0D&lt;br&gt;&amp;gt;&amp;gt; To: "users" &amp;lt;users(a)ovirt.or= g&gt;=0D<br>&gt;&gt; Sent: Thursday, September 11, 2014 1:53:04 AM=0D<br>&g= t;&gt; Subject: [ovirt-users] adding machine to openldap + kerberos with a = keytab=0D<br>&gt;&gt; =0D<br>&gt;&gt; Hi,=0D<br>&gt;&gt; =0D<br>&gt;&gt; Wh= en I try to use engine-manage-domains it seems to expect an account to sign= =0D<br>&gt;&gt; in with. Is there any way to use a key tab? It seems like= it does all this=0D<br>&gt;&gt; under the surface eventually; I'd just lik= e to do it up front.=0D<br>&gt;&gt; =0D<br>&gt;&gt; Even a pointer to "manu= al" adding instructions would be very helpful.=0D<br>&gt;&gt; =0D<br>&gt;&g= t; Thanks,=0D<br>&gt;&gt; =0D<br>&gt;&gt; Will=0D<br>&gt; =0D<br>&gt; Hi Wi= ll,=0D<br>&gt; No way to perform this with manage domains at the moment.=0D= <br>&gt; =0D<br>&gt; Not sure if we will invest in this, as in oVirt 3.5 we= introduce a pluggable architecture for AAA, based on extensions + configur= ation files =0D<br>&gt; managed-domains should be used to support existing = setups that will undergo upgrade to 3.5 (or of course, will remain in their= current versions).=0D<br>&gt; =0D<br>&gt;&gt; ____________________________= ___________________=0D<br>&gt;&gt; Users mailing list=0D<br>&gt;&gt; Users@= ovirt.org=0D<br>&gt;&gt; http://lists.ovirt.org/mailman/listinfo/users=0D<b= r>&gt;&gt; =0D<br>=0D<br>=0D<br>___________________________________________= ____=0D<br>Users mailing list=0D<br>Users@ovirt.org=0D<br>http://lists.ovir= t.org/mailman/listinfo/users=0D<br> --Alternative_=_Boundary_=_1410391296--