Hi, maybe I am wrong, but I think you didn't properly setup your ovirt to support kerberos. You have to use new AAA, do you use it? It's not working with legacy manage-domains. Please see these[1][2] links. Ondra [1] http://www.ovirt.org/Features/AAA [2] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob... On 09/04/2015 04:34 PM, Martynov Alexander wrote:
Hello. I have problem with kerberos authentication. I use ovirt-engine-sdk-python from https://github.com/oVirt/ovirt-engine-sdk.git.
I have RHEL manager and IPA server.
I created a virtual machine and installed RedHat 7.0 on the vm. I did command ipa-client-install on this vm. Command id diplayed a valid value for user admin. I got with wget ca.crt file from manager.
When I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", username="admin@dev.ru", password="something", ca_file = "/tmp/ca.crt") that's all correct. I got api and I could use this api.
Then: I cloned git repo git clone https://github.com/oVirt/ovirt-engine-sdk.git created ovirt-engine-sdk-python rpm with kerberos authentication support. make rpm installed this package on my vm. rpm -ihv ovirt-engine-sdk-python-4.0.0.0-0.1.el7.noarch.rpm I got kerberos ticket: kinit admin klist displayed that is valid ticket. And when I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", kerberos = True, ca_file = "/tmp/ca.crt") I got error 401 Unauthorized.
Is what is incorrect?
Redhat 7.0, RHEL 3.5 _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users