[ovirt-users] sign-out with kerberos sso

Alon Bar-Lev alonbl at redhat.com
Wed Apr 8 02:58:51 EDT 2015



----- Original Message -----
> From: "Alastair Neil" <ajneil.tech at gmail.com>
> To: "Ovirt Users" <users at ovirt.org>
> Sent: Wednesday, April 8, 2015 6:37:20 AM
> Subject: Re: [ovirt-users] sign-out with kerberos sso
> 
> Just a quick follow up. I tried the 3.5.2 RC3 and same issue.
> 
> 
> On 7 April 2015 at 22:54, Alastair Neil < ajneil.tech at gmail.com > wrote:
> 
> 
> 
> I have been setting up aaa, following the recipe in the RedHat portal:
> 
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Administration_Guide/sect-Directory_Users.html#sect-Single_Sign-On_to_the_Administration_and_User_Portal
> 
> and I can successfully authenticate, however the Sign Out button does not
> clear the session properly and does nothing. I found this long standing bug
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=884653
> 
> this bug was updated last month as supposedly fixed by an errata release of
> RHEV 3.5.0.
> 
> I'm using FC20 with ovirt 3.5.1.1, Is there an equivalent fix in ovirt? If so
> how can I access it?
> 
> Thanks, Alastair

When authenticating using external component, in this case apache, the application cannot force the external component to logout, hence when you logout, you actually automatically log in again. The bug you refer to bug#884653 is not long standing issue, but describe exactly that, read the Doc Text field.

In 3.6.0 we hopefully have a switch user capability to enable switching from external to internal authentication.

However, when you use kerberos you probably want all users to be control using its policies.

Regards,
Alon


More information about the Users mailing list