[Users] Adding Authentication mechanism to oVirt
Yaniv Kaul
ykaul at redhat.com
Mon Dec 10 21:58:30 UTC 2012
Wasn't it going to be deprecated?
http://tools.ietf.org/html/rfc6331
I do think the right way is SSL (LDAPS) support. Most LDAP servers (but Active Directory out of the box) support it.
Y.
----- Original Message -----
> Hi,
> Ovirt presently supports only GSSAPI and SIMPLE authentication
> against an LDAP server. The latter is far to weak to be used in a
> production environment. The first is only offered as an external
> authentication mechanism in many LDAP servers.
> I suggest adding DIGEST-MD5 support to oVirt which is a secured way
> of authenticating to an LDAP server and which is a required
> authentication mechanism in LDAPv3 specification. (see
> http://www.ietf.org/rfc/rfc2829.txt paragraph 4.2).
> This would make it possible to access every LDAP servers securely
> without the need to implement the GSSAPI mechanism.
> I also actively suggest to add support for the OpenLDAP Directory
> server. It is a widely used LDAP server (and the one we use at our
> University by the way...).
> Are there developers wishing to implement such support (DIGEST-MD5
> and OpenLDAP) ?
> Or please tell me what I should do to start implementing it ?
> Cheers,
> Thierry
> --
> signature-TK Thierry Kauffmann
> Chef du Service Informatique // Faculté des Sciences // Université de
> Montpellier 2
> SIF - Service Informatique de la Faculté
> des Sciences UM2 -
> Université de Montpellier 2 Service informatique de la Faculté des
> Sciences (SIF)
> Université de Montpellier 2
> CC437 // Place Eugène Bataillon // 34095 Montpellier Cedex 5
> Tél : 04 67 14 31 58
> email : thierry.kauffmann at univ-montp2.fr
> web : http://sif.info-ufr.univ-montp2.fr/
> http://www.fdsweb.univ-montp2.fr/
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121210/60864d5a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sif.png
Type: image/png
Size: 11755 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121210/60864d5a/attachment-0002.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: um2.png
Type: image/png
Size: 29129 bytes
Desc: not available
URL: <http://lists.ovirt.org/pipermail/users/attachments/20121210/60864d5a/attachment-0003.png>
More information about the Users
mailing list