[Users] call for suggests on oVirt authentication back-end (directory service, etc.)
Yair Zaslavsky
yzaslavs at redhat.com
Wed Oct 10 10:47:33 UTC 2012
On 10/10/2012 12:13 PM, Itamar Heim wrote:
> On 10/09/2012 03:56 PM, Alan Johnson wrote:
>> Thanks to Tim Hildred, I found out about the need to have a directory
>> server. Before I embark on this path, I thought I could ping the
>> community to get a since for what is common, easy, and/or available to
>> best suit our wants.
>>
>> First, what's the easiest one to setup and use? Something with a simple
>> GUI would be desirable: a webmin module perhaps?
>>
>> Most ideal would be something that is in line with our desire to move
>> towards single sign on, ultimately authenticating against Google Apps.
>> Does Google provide something supported? Is there something that can
>> proxy google apps auth to an oVirt supported protocol?
>>
>> Alternately, we have an LDAP server, but it does NOT store passwords,
>> and as such, does not provide authentication for anything. Will oVirt
>> store passwords for users created from such an LDAP service, or does
>> LDAP need to be the authority as well?
Currently oVirt code has SIMPLE and Kerberos authentication.
Queries that are not RootDSE queries must be authenticated.
>>
>> Finally, we also have NIS setup (thought we hope to get away from that
>> soon), so some means of authenticating through the systems local PAM
>> system would be the next most convenient.
>>
>> These are just thoughts and I am completely open to suggestions. Thanks
>> in advance for any input! =)
>
> in the future, well, everything is possible. for now, your choices are:
> freeIPA/IPA
> 389ds/RHDS
> MS AD
> Tivoli DS
>
> ovirt does not store passwords (other than for admin at internal)
>
>
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
More information about the Users
mailing list