[Users] Adding Authentication mechanism to oVirt

Yaniv Kaul ykaul at redhat.com
Mon Dec 10 21:58:30 UTC 2012


Wasn't it going to be deprecated? 
http://tools.ietf.org/html/rfc6331 

I do think the right way is SSL (LDAPS) support. Most LDAP servers (but Active Directory out of the box) support it. 
Y. 

----- Original Message -----

> Hi,

> Ovirt presently supports only GSSAPI and SIMPLE authentication
> against an LDAP server. The latter is far to weak to be used in a
> production environment. The first is only offered as an external
> authentication mechanism in many LDAP servers.

> I suggest adding DIGEST-MD5 support to oVirt which is a secured way
> of authenticating to an LDAP server and which is a required
> authentication mechanism in LDAPv3 specification. (see
> http://www.ietf.org/rfc/rfc2829.txt paragraph 4.2).

> This would make it possible to access every LDAP servers securely
> without the need to implement the GSSAPI mechanism.

> I also actively suggest to add support for the OpenLDAP Directory
> server. It is a widely used LDAP server (and the one we use at our
> University by the way...).

> Are there developers wishing to implement such support (DIGEST-MD5
> and OpenLDAP) ?

> Or please tell me what I should do to start implementing it ?

> Cheers,

> Thierry

> --
> signature-TK Thierry Kauffmann
> Chef du Service Informatique // Faculté des Sciences // Université de
> Montpellier 2

> SIF - Service Informatique de la Faculté
> des Sciences	UM2 -
> Université de Montpellier 2	Service informatique de la Faculté des
> Sciences (SIF)
> Université de Montpellier 2
> CC437 // Place Eugène Bataillon // 34095 Montpellier Cedex 5

> Tél : 04 67 14 31 58
> email : thierry.kauffmann at univ-montp2.fr
> web : http://sif.info-ufr.univ-montp2.fr/
> http://www.fdsweb.univ-montp2.fr/

> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121210/60864d5a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sif.png
Type: image/png
Size: 11755 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121210/60864d5a/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: um2.png
Type: image/png
Size: 29129 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121210/60864d5a/attachment-0003.png>


More information about the Users mailing list