Problem with kerberos authentication and ovirt-engine-sdk-python
Hello. I have problem with kerberos authentication. I use ovirt-engine-sdk-python from https://github.com/oVirt/ovirt-engine-sdk.git. I have RHEL manager and IPA server. I created a virtual machine and installed RedHat 7.0 on the vm. I did command ipa-client-install on this vm. Command id diplayed a valid value for user admin. I got with wget ca.crt file from manager. When I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", username="admin@dev.ru", password="something", ca_file = "/tmp/ca.crt") that's all correct. I got api and I could use this api. Then: I cloned git repo git clone https://github.com/oVirt/ovirt-engine-sdk.git created ovirt-engine-sdk-python rpm with kerberos authentication support. make rpm installed this package on my vm. rpm -ihv ovirt-engine-sdk-python-4.0.0.0-0.1.el7.noarch.rpm I got kerberos ticket: kinit admin klist displayed that is valid ticket. And when I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", kerberos = True, ca_file = "/tmp/ca.crt") I got error 401 Unauthorized. Is what is incorrect? Redhat 7.0, RHEL 3.5
Hello. I have problem with kerberos authentication. I use ovirt-engine-sdk-python from https://github.com/oVirt/ovirt-engine-sdk.git. I have RHEL manager and IPA server. I created a virtual machine and installed RedHat 7.0 on the vm. I did command ipa-client-install on this vm. Command id diplayed a valid value for user admin. I got with wget ca.crt file from manager. When I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", username="admin@dev.ru", password="something", ca_file = "/tmp/ca.crt") that's all correct. I got api and I could use this api. Then: I cloned git repo git clone https://github.com/oVirt/ovirt-engine-sdk.git created ovirt-engine-sdk-python rpm with kerberos authentication support. make rpm installed this package on my vm. rpm -ihv ovirt-engine-sdk-python-4.0.0.0-0.1.el7.noarch.rpm I got kerberos ticket: kinit admin klist displayed that is valid ticket. And when I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", kerberos = True, ca_file = "/tmp/ca.crt") I got error 401 Unauthorized. Is what is incorrect? Redhat 7.0, RHEL 3.5
Hi, I guess this will be available only in 3.6, see[1]. You can probably use pre-release of the sdk for now. Regards, Alon [1] https://bugzilla.redhat.com/show_bug.cgi?id=1249485 ----- Original Message -----
From: "Martynov Alexander" <mas-developer@yandex.ru> To: users@ovirt.org Sent: Friday, September 4, 2015 5:34:55 PM Subject: [ovirt-users] Problem with kerberos authentication and ovirt-engine-sdk-python
Hello. I have problem with kerberos authentication. I use ovirt-engine-sdk-python from https://github.com/oVirt/ovirt-engine-sdk.git.
I have RHEL manager and IPA server.
I created a virtual machine and installed RedHat 7.0 on the vm. I did command ipa-client-install on this vm. Command id diplayed a valid value for user admin. I got with wget ca.crt file from manager.
When I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", username="admin@dev.ru", password="something", ca_file = "/tmp/ca.crt") that's all correct. I got api and I could use this api.
Then: I cloned git repo git clone https://github.com/oVirt/ovirt-engine-sdk.git created ovirt-engine-sdk-python rpm with kerberos authentication support. make rpm installed this package on my vm. rpm -ihv ovirt-engine-sdk-python-4.0.0.0-0.1.el7.noarch.rpm I got kerberos ticket: kinit admin klist displayed that is valid ticket. And when I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", kerberos = True, ca_file = "/tmp/ca.crt") I got error 401 Unauthorized.
Is what is incorrect?
Redhat 7.0, RHEL 3.5 _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
Hi, maybe I am wrong, but I think you didn't properly setup your ovirt to support kerberos. You have to use new AAA, do you use it? It's not working with legacy manage-domains. Please see these[1][2] links. Ondra [1] http://www.ovirt.org/Features/AAA [2] https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob... On 09/04/2015 04:34 PM, Martynov Alexander wrote:
Hello. I have problem with kerberos authentication. I use ovirt-engine-sdk-python from https://github.com/oVirt/ovirt-engine-sdk.git.
I have RHEL manager and IPA server.
I created a virtual machine and installed RedHat 7.0 on the vm. I did command ipa-client-install on this vm. Command id diplayed a valid value for user admin. I got with wget ca.crt file from manager.
When I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", username="admin@dev.ru", password="something", ca_file = "/tmp/ca.crt") that's all correct. I got api and I could use this api.
Then: I cloned git repo git clone https://github.com/oVirt/ovirt-engine-sdk.git created ovirt-engine-sdk-python rpm with kerberos authentication support. make rpm installed this package on my vm. rpm -ihv ovirt-engine-sdk-python-4.0.0.0-0.1.el7.noarch.rpm I got kerberos ticket: kinit admin klist displayed that is valid ticket. And when I executed following commands: api = API(url="https://rhevm.dev.ru/ovirt-engine/api", kerberos = True, ca_file = "/tmp/ca.crt") I got error 401 Unauthorized.
Is what is incorrect?
Redhat 7.0, RHEL 3.5 _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users
participants (4)
-
79160810031@yandex.ru -
Alon Bar-Lev -
Martynov Alexander -
Ondra Machacek