From: "Jason Keltz" <jas(a)cse.yorku.ca>
To: "Alon Bar-Lev" <alonbl(a)redhat.com>
Cc: "users(a)ovirt.org >> users" <users(a)ovirt.org>
Sent: Monday, August 26, 2013 3:49:52 PM
Subject: Re: [Users] Is the feature Local Authentication abandoned?
On 08/24/2013 04:44 AM, Alon Bar-Lev wrote:
>
> ----- Original Message -----
>> From: "lofyer" <lofyer(a)gmail.com>
>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>> Cc: users(a)ovirt.org
>> Sent: Saturday, August 24, 2013 11:07:10 AM
>> Subject: Re: [Users] Is the feature Local Authentication abandoned?
>>
>> On 2013/8/24 15:56, Alon Bar-Lev wrote:
>>> ----- Original Message -----
>>>> From: "lofyer" <lofyer(a)gmail.com>
>>>> To: "Alon Bar-Lev" <alonbl(a)redhat.com>
>>>> Cc: users(a)ovirt.org
>>>> Sent: Saturday, August 24, 2013 10:47:21 AM
>>>> Subject: Re: [Users] Is the feature Local Authentication abandoned?
>>>>
>>>> On 2013/8/24 15:46, Alon Bar-Lev wrote:
>>>>> ----- Original Message -----
>>>>>> From: "lofyer" <lofyer(a)gmail.com>
>>>>>> To: users(a)ovirt.org
>>>>>> Sent: Saturday, August 24, 2013 10:36:12 AM
>>>>>> Subject: [Users] Is the feature Local Authentication abandoned?
>>>>>>
>>>>>> Is the feature Local Authentication abandoned in 3.3?
>>>>>> If not, what should I do to use it?
>>>>> Question is unclear.
>>>>>
>>>>> What do you call "Local Authentication", after setup
can't you login
>>>>> using
>>>>> admin user?
>>>> Sorry for that.
>>>> I mean, use users in /etc/passwd to login.
>>>>
>>> I never knew this is was an option.
>>>
>>> Or you mean something new that was planned somewhere?
>>>
>>> I am against of using native authentication for applications, as it
>>> enables
>>> more privileges that users should have.
>>>
>>> The proper way to do that is to use directory services, such as LDAP and
>>> integrate the nss of system and application to use that directory.
>>>
>>> Regards,
>>> Alon
>> I saw this
>>
from**http://www.ovirt.org/Features/Local_Authentication%E2%80%8E
>> So I thought it would be available now..
>>
>> It seems that I have to use ldap now.
>>
> In future you will be able to write plugin for authentication and
> authorization to do whatever you like.
>
> This is still work in progress as far as I can see[1].
>
> Alon
>
> [1]
>
http://gerrit.ovirt.org/#/q/status:open+project:ovirt-engine+branch:maste...
> _______________________________________________
> Users mailing list
> Users(a)ovirt.org
>
http://lists.ovirt.org/mailman/listinfo/users
While I think this is a great future addition, I really believe that the
default oVirt installation should include some form of integrated basic
authentication using the integrated DB! I was really surprised to see
this functionality missing. With the integrated DB, I have no idea why
the functionality isn't there. I know - it's all about priorities.
I fully agree with you.
I was also surprised that LDAP was developed before simple database.
While LDAP is common, still - not everyone uses it! If I was buying
RHEV, the lack of the basic built in authentication would have been a
show stopper for me. Do I *really* need to use LDAP when I've got a
total of about 4 people maintaining everything? In fact, even if I
*was* using LDAP, the virtualization infrastructure has enough of its
own complexity that I'd rather separate it from LDAP - one less thing to
go wrong. If I was buying RHEV, the lack of basic authentication would
have been a showstopper for me.
Jason.