Hi,
We are doing significant rework within the authentication and authorization slot, most
will be available in 3.5.
In a nutshell, there are two packages:
ovirt-engine-extension-aaa-ldap - provider of authentication and authorization using ldap
protocol.
ovirt-engine-extension-aaa-misc - for misc support (see documentation).
Integrating with ldap now does not require using kerberos, a preferred way is to use the
ldap protocol using startTLS and basic authentication, as in this mode most ldap
implementations return valid result codes out of failures.
GSSAPI is still supported, although I recommend avoiding it, but if you insist... you can
probably use a keytab, I did not test this... but it should be available using the
following; if it works, please tell me :)
---
pool.default.auth.gssapi.useTicketCache = true
pool.default.auth.gssapi.ticketCachePath = <path-to-keytab>
---
As for single sign-on with Apache, please refer to "APACHE SSO CONFIGURATION"
within [1].
Any feedback will be appreciated.
Regards,
Alon Bar-Lev
ovirt-engine-extension-aaa-ldap documentation
[1] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=bl...
[2] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=bl...
[3] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=bl...
ovirt-engine-extension-aaa-misc documentation
[4] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-misc.git;a=bl...
[5] http://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-misc.git;a=bl...