[Engine-devel] Local Authentication Feature
Andrew Cathrow
acathrow at redhat.com
Sun Feb 10 17:21:32 UTC 2013
----- Original Message -----
> From: "Doron Fediuck" <dfediuck at redhat.com>
> To: "Yair Zaslavsky" <yzaslavs at redhat.com>
> Cc: "Juan Hernandez" <jhernand at redhat.com>, engine-devel at ovirt.org
> Sent: Sunday, February 10, 2013 11:02:39 AM
> Subject: Re: [Engine-devel] Local Authentication Feature
>
>
>
> ----- Original Message -----
> > From: "Yair Zaslavsky" <yzaslavs at redhat.com>
> > To: "Doron Fediuck" <dfediuck at redhat.com>
> > Cc: "Juan Hernandez" <jhernand at redhat.com>, engine-devel at ovirt.org
> > Sent: Sunday, February 10, 2013 5:37:10 PM
> > Subject: Re: [Engine-devel] Local Authentication Feature
> >
> >
> >
> > ----- Original Message -----
> > > From: "Doron Fediuck" <dfediuck at redhat.com>
> > > To: "Juan Hernandez" <jhernand at redhat.com>
> > > Cc: engine-devel at ovirt.org
> > > Sent: Sunday, February 10, 2013 5:26:52 PM
> > > Subject: Re: [Engine-devel] Local Authentication Feature
> > >
> > >
> > >
> > > ----- Original Message -----
> > > > From: "Juan Hernandez" <jhernand at redhat.com>
> > > > To: engine-devel at ovirt.org
> > > > Sent: Friday, February 8, 2013 7:50:36 PM
> > > > Subject: [Engine-devel] Local Authentication Feature
> > > >
> > > > Hello,
> > > >
> > > > I would like to propose a new feature that allows
> > > > authentication
> > > > using
> > > > the local user database. The details are here:
> > > >
> > > > http://www.ovirt.org/Features/Local_Authentication
> > > >
> > > > And the proposed change is available for review here:
> > > >
> > > > http://gerrit.ovirt.org/11863
> > > >
> > > > I appreciate feedback.
> > > >
> > > > Thanks in advance,
> > > > Juan Hernandez
> > > > --
> > > > Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3,
> > > > planta
> > > > 3ºD, 28016 Madrid, Spain
> > > > Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 -
> > > > Red
> > > > Hat
> > > > S.L.
> > >
> > > Hi Juan,
> > > Very happy to see this one which actually closes an annoying gap!
> > > One thing which is missing is user management- add/remove/change
> > > users and groups. If we do not plan to handle it within ovirt,
> > > the
> > > design should state it and explain how user management should
> > > work.
> >
> > Shouldn't this be the same as in case of external directory
> > service?
> > i.e - you manage user/group at the directory service, and then you
> > "populate" engine with it (by adding permissions to users/groups or
> > adding explicitly new users/groups to engine?)
> >
> > > Also, what happens when a user is removed from the local DB- will
> > > all references to him be removed? Groups?
> >
> > IMHO the behavior in this case should be as in case of current
> > LdapBroker.
> >
>
> This could be a decision but it's missing from the design.
> The diff I see from current supported directory servers are that
> they actually have their own management tools, which is not the
> case for local DB. Again, you may state that the various userXXX
> and groupXXX commandline utilities are the way to manage it, but
> this is lacking from the design.
Local user support is a feature we certainly need, but somehow ssh'ing into the node feels wrong.
A local db is better than the (creative) ssh hack.
>
> _______________________________________________
> Engine-devel mailing list
> Engine-devel at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/engine-devel
>
More information about the Devel
mailing list