[ovirt-users] Disable admin at internal account

Alon Bar-Lev alonbl at redhat.com
Wed Apr 15 11:21:39 UTC 2015



----- Original Message -----
> From: "Jorick Astrego" <j.astrego at netbulae.eu>
> To: users at ovirt.org
> Sent: Wednesday, April 15, 2015 1:30:29 PM
> Subject: Re: [ovirt-users] Disable admin at internal account
> 
> 
> 
> On 04/15/2015 12:08 PM, Николаев Алексей wrote:
> 
> 
> 
> Hi community!
> The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says how to
> add users from external directory.
> But now i want to disable admin at internal account for security reasons and use
> it only for disaster recovery situations (or then ldaps servers not
> available). Can i do it?
> What are best practises for use only external directory?
> If i delete admin at internal account can i add it again?
> 
> 
> _______________________________________________
> Users mailing list Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> Should be possible last time I asked, see response below:
> 
> 
> 
> 
> Subject: 	Re: [ovirt-users] oVirt 3.5 and FreeIpa
> Date: 	Thu, 22 Jan 2015 06:59:52 -0500 (EST)
> From: 	Alon Bar-Lev <alonbl at redhat.com>
> To: 	Jorick Astrego <j.astrego at netbulae.eu>
> CC: 	users at ovirt.org
> <snip>
> 
> Also can we get rid of the internal admin or better just disable internal
> authenticationt without problems? As we have ipa we don't want local login
> enabled, but in emergency situations we might need to turn it on quickly.
> 
> Yes, you can disable the internal by creating
> /etc/ovirt-engine/engine.conf.d/50-disable-internal.conf
> ---
> ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false
> ---
> 
> Hmmm.... we have a bug in this case... will fix, so let's just disable the
> authz for now.
> ---
> ENGINE_EXTENSION_ENABLED_internal = false
> 

should work now properly using:

ENGINE_EXTENSION_ENABLED_builtin_authn_internal = false



More information about the Users mailing list