Re: [ovirt-users] Disable admin@internal account

This is a multi-part message in MIME format. --------------030008080802090601070001 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On 04/15/2015 12=3A08 PM=2C =D0=9D=D0=B8=D0=BA=D0=BE=D0=BB=D0=B0=D0=B5= =D0=B2 =D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9 wrote=3A =3E Hi community! =3E =20 =3E The Red=5FHat=5FEnterprise=5FVirtualization-3=2E5-Administration=5FGuid= e says =3E how to add users from external directory=2E =3E But now i want to disable admin=40internal =3E =3Cmailto=3Aadmin=40internal=3E account for security reasons and use it= only =3E for disaster recovery situations =28or then ldaps servers not =3E available=29=2E Can i do it=3F =3E =20 =3E What are best practises for use only external directory=3F =3E If i delete admin=40internal =3Cmailto=3Aadmin=40internal=3E account ca= n i add =3E it again=3F =3E =3E =3E =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F =3E Users mailing list =3E Users=40ovirt=2Eorg =3E http=3A//lists=2Eovirt=2Eorg/mailman/listinfo/users Should be possible last time I asked=2C see response below=3A Subject=3A =09Re=3A =5Bovirt-users=5D oVirt 3=2E5 and FreeIpa Date=3A =09Thu=2C 22 Jan 2015 06=3A59=3A52 -0500 =28EST=29 From=3A =09Alon Bar-Lev =3Calonbl=40redhat=2Ecom=3E To=3A =09Jorick Astrego =3Cj=2Eastrego=40netbulae=2Eeu=3E CC=3A =09users=40ovirt=2Eorg =3Csnip=3E Also can we get rid of the internal admin or better just disable internal authenticationt without problems=3F As we have ipa we don=27t want= local login enabled=2C but in emergency situations we might need to turn it on quickly=2E Yes=2C you can disable the internal by creating /etc/ovirt-engine/engine=2E= conf=2Ed/50-disable-internal=2Econf --- ENGINE=5FEXTENSION=5FENABLED=5Fbuiltin-authn-internal =3D false --- Hmmm=2E=2E=2E=2E we have a bug in this case=2E=2E=2E will fix=2C so let=27s= just disable the authz for now=2E --- ENGINE=5FEXTENSION=5FENABLED=5Finternal =3D false Met vriendelijke groet=2C With kind regards=2C Jorick Astrego Netbulae Virtualization Experts=20 ---------------- =09Tel=3A 053 20 30 270 =09info=40netbulae=2Eeu =09Staalsteden 4-3A =09KvK= 08198180 =09Fax=3A 053 20 30 271 =09www=2Enetbulae=2Eeu =097547 TA Enschede =09BTW= NL821234584B01 ---------------- --------------030008080802090601070001 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable =3Chtml=3E =3Chead=3E =3Cmeta content=3D=22text/html=3B charset=3DUTF-8=22 http-equiv=3D=22Co= ntent-Type=22=3E =3C/head=3E =3Cbody bgcolor=3D=22=23FFFFFF=22 text=3D=22=23000000=22=3E =3Cbr=3E =3Cbr=3E =3Cdiv class=3D=22moz-cite-prefix=22=3EOn 04/15/2015 12=3A08 PM=2C=20= =D0=9D=D0=B8=D0=BA=D0=BE=D0=BB=D0=B0=D0=B5=D0=B2 =D0=90=D0=BB=D0=B5=D0=BA=D1=81=D0=B5=D0=B9 wrote=3A=3Cbr=3E =3C/div=3E =3Cblockquote cite=3D=22mid=3A2853701429092492=40web25j=2Eyandex=2Eru= =22 type=3D=22cite=22=3E =3Cdiv=3EHi community!=3C/div=3E =3Cdiv=3E=C2=A0=3C/div=3E =3Cdiv=3EThe Red=5FHat=5FEnterprise=5FVirtualization-3=2E5-Administration=5FGuid= e says how to add users from external directory=2E=3C/div=3E =3Cdiv=3EBut now i want to disable =3Ca moz-do-not-send=3D=22true=22= href=3D=22mailto=3Aadmin=40internal=22=3Eadmin=40internal=3C/a=3E= =C2=A0account for security reasons and use it only for disaster recovery situations =28or then ldaps servers not available=29=2E Can i do it= =3F=3C/div=3E =3Cdiv=3E=C2=A0=3C/div=3E =3Cdiv=3EWhat are best practises for use only external directory=3F= =3C/div=3E =3Cdiv=3EIf i delete =3Ca moz-do-not-send=3D=22true=22 href=3D=22mailto=3Aadmin=40internal=22=3Eadmin=40internal=3C/a=3E= =C2=A0account can i add it again=3F=3C/div=3E =3Cbr=3E =3Cfieldset class=3D=22mimeAttachmentHeader=22=3E=3C/fieldset=3E =3Cbr=3E =3Cpre wrap=3D=22=22=3E=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F=5F= =5F=5F=5F=5F=5F=5F=5F Users mailing list =3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22mailto=3AUsers=40ovir= t=2Eorg=22=3EUsers=40ovirt=2Eorg=3C/a=3E =3Ca class=3D=22moz-txt-link-freetext=22 href=3D=22http=3A//lists=2Eovirt= =2Eorg/mailman/listinfo/users=22=3Ehttp=3A//lists=2Eovirt=2Eorg/mailman/lis= tinfo/users=3C/a=3E =3C/pre=3E =3C/blockquote=3E Should be possible last time I asked=2C see response below=3A=3Cbr=3E= =3Cbr=3E =3Cbr=3E =3Cbr=3E =3Ctable class=3D=22moz-email-headers-table=22 border=3D=220=22 cellpad= ding=3D=220=22 cellspacing=3D=220=22=3E =3Ctbody=3E =3Ctr=3E =3Cth align=3D=22RIGHT=22 nowrap=3D=22nowrap=22 valign=3D=22BASEL= INE=22=3ESubject=3A =3C/th=3E =3Ctd=3ERe=3A =5Bovirt-users=5D oVirt 3=2E5 and FreeIpa=3C/td=3E= =3C/tr=3E =3Ctr=3E =3Cth align=3D=22RIGHT=22 nowrap=3D=22nowrap=22 valign=3D=22BASEL= INE=22=3EDate=3A =3C/th=3E =3Ctd=3EThu=2C 22 Jan 2015 06=3A59=3A52 -0500 =28EST=29=3C/td=3E= =3C/tr=3E =3Ctr=3E =3Cth align=3D=22RIGHT=22 nowrap=3D=22nowrap=22 valign=3D=22BASEL= INE=22=3EFrom=3A =3C/th=3E =3Ctd=3EAlon Bar-Lev =3Ca class=3D=22moz-txt-link-rfc2396E=22 hre= f=3D=22mailto=3Aalonbl=40redhat=2Ecom=22=3E=26lt=3Balonbl=40redhat=2Ecom=26= gt=3B=3C/a=3E=3C/td=3E =3C/tr=3E =3Ctr=3E =3Cth align=3D=22RIGHT=22 nowrap=3D=22nowrap=22 valign=3D=22BASEL= INE=22=3ETo=3A =3C/th=3E =3Ctd=3EJorick Astrego =3Ca class=3D=22moz-txt-link-rfc2396E=22 h= ref=3D=22mailto=3Aj=2Eastrego=40netbulae=2Eeu=22=3E=26lt=3Bj=2Eastrego=40ne= tbulae=2Eeu=26gt=3B=3C/a=3E=3C/td=3E =3C/tr=3E =3Ctr=3E =3Cth align=3D=22RIGHT=22 nowrap=3D=22nowrap=22 valign=3D=22BASEL= INE=22=3ECC=3A =3C/th=3E =3Ctd=3E=3Ca class=3D=22moz-txt-link-abbreviated=22 href=3D=22mai= lto=3Ausers=40ovirt=2Eorg=22=3Eusers=40ovirt=2Eorg=3C/a=3E=3C/td=3E =3C/tr=3E =3C/tbody=3E =3C/table=3E =3Cbr=3E =26lt=3Bsnip=26gt=3B=3Cbr=3E =3Cbr=3E Also can we get rid of the internal admin or better just disable internal authenticationt without problems=3F As we have ipa we don=27t want loca= l login enabled=2C but in emergency situations we might need to turn it on quickly=2E=3Cbr=3E =3Cbr=3E =3Cpre wrap=3D=22=22=3EYes=2C you can disable the internal by creating= /etc/ovirt-engine/engine=2Econf=2Ed/50-disable-internal=2Econf --- ENGINE=5FEXTENSION=5FENABLED=5Fbuiltin-authn-internal =3D false --- Hmmm=2E=2E=2E=2E we have a bug in this case=2E=2E=2E will fix=2C so let=27s= just disable the authz for now=2E --- ENGINE=5FEXTENSION=5FENABLED=5Finternal =3D false=3C/pre=3E =3Cbr=3E =3Cbr=3E =20= =3CBR /=3E =3CBR /=3E =3Cb style=3D=22color=3A=23604c78=22=3E=3C/b=3E=3Cbr=3E=3Cspan style=3D=22c= olor=3A=23604c78=3B=22=3E=3Cfont color=3D=22000000=22=3E=3Cspan style=3D=22= mso-fareast-language=3Aen-gb=3B=22 lang=3D=22NL=22=3EMet vriendelijke groet= =2C With kind regards=2C=3Cbr=3E=3Cbr=3E=3C/span=3EJorick Astrego=3C/font= =3E=3C/span=3E=3Cb style=3D=22color=3A=23604c78=22=3E=3Cbr=3E=3Cbr=3ENetbul= ae Virtualization Experts =3C/b=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3B= border-top=3A1px solid =23ccc=3B=22=3E=3Ctable style=3D=22width=3A 522px=22= =3E=3Ctbody=3E=3Ctr=3E=3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px= =22=3ETel=3A 053 20 30 270=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bf= ont-size=3A 10px=22=3Einfo=40netbulae=2Eeu=3C/td=3E =3Ctd style=3D=22wid= th=3A 130px=3Bfont-size=3A 10px=22=3EStaalsteden 4-3A=3C/td=3E =3Ctd sty= le=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EKvK 08198180=3C/td=3E=3C/tr= =3E=3Ctr=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size=3A 10px=22=3EFax= =3A 053 20 30 271=3C/td=3E =3Ctd style=3D=22width=3A 130px=3Bfont-size= =3A 10px=22=3Ewww=2Enetbulae=2Eeu=3C/td=3E =3Ctd style=3D=22width=3A 130= px=3Bfont-size=3A 10px=22=3E7547 TA Enschede=3C/td=3E =3Ctd style=3D=22w= idth=3A 130px=3Bfont-size=3A 10px=22=3EBTW NL821234584B01=3C/td=3E=3C/tr=3E= =3C/tbody=3E=3C/table=3E=3Cbr=3E=3Chr style=3D=22border=3Anone=3Bborder-top= =3A1px solid =23ccc=3B=22=3E=3CBR /=3E =3C/body=3E =3C/html=3E --------------030008080802090601070001--