[ovirt-users] Disable admin at internal account

Wed Apr 15 10:30:29 UTC 2015

On 04/15/2015 12:08 PM, Николаев Алексей wrote:
> Hi community!
>  
> The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says
> how to add users from external directory.
> But now i want to disable admin at internal
> <mailto:admin at internal> account for security reasons and use it only
> for disaster recovery situations (or then ldaps servers not
> available). Can i do it?
>  
> What are best practises for use only external directory?
> If i delete admin at internal <mailto:admin at internal> account can i add
> it again?
>
>
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
Should be possible last time I asked, see response below:

Subject: 	Re: [ovirt-users] oVirt 3.5 and FreeIpa
Date: 	Thu, 22 Jan 2015 06:59:52 -0500 (EST)
From: 	Alon Bar-Lev <alonbl at redhat.com>
To: 	Jorick Astrego <j.astrego at netbulae.eu>
CC: 	users at ovirt.org

<snip>

Also can we get rid of the internal admin or better just disable
internal authenticationt without problems? As we have ipa we don't want
local login enabled, but in emergency situations we might need to turn
it on quickly.

Yes, you can disable the internal by creating /etc/ovirt-engine/engine.conf.d/50-disable-internal.conf
---
ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false
---

Hmmm.... we have a bug in this case... will fix, so let's just disable the authz for now.
---
ENGINE_EXTENSION_ENABLED_internal = false

Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts 

----------------

	Tel: 053 20 30 270 	info at netbulae.eu 	Staalsteden 4-3A 	KvK 08198180
 	Fax: 053 20 30 271 	www.netbulae.eu 	7547 TA Enschede 	BTW NL821234584B01

----------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/users/attachments/20150415/d3fda1ba/attachment-0001.html>