[ovirt-users] Disable admin at internal account
Alon Bar-Lev
alonbl at redhat.com
Wed Apr 15 11:21:39 UTC 2015
----- Original Message -----
> From: "Jorick Astrego" <j.astrego at netbulae.eu>
> To: users at ovirt.org
> Sent: Wednesday, April 15, 2015 1:30:29 PM
> Subject: Re: [ovirt-users] Disable admin at internal account
>
>
>
> On 04/15/2015 12:08 PM, Николаев Алексей wrote:
>
>
>
> Hi community!
> The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says how to
> add users from external directory.
> But now i want to disable admin at internal account for security reasons and use
> it only for disaster recovery situations (or then ldaps servers not
> available). Can i do it?
> What are best practises for use only external directory?
> If i delete admin at internal account can i add it again?
>
>
> _______________________________________________
> Users mailing list Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> Should be possible last time I asked, see response below:
>
>
>
>
> Subject: Re: [ovirt-users] oVirt 3.5 and FreeIpa
> Date: Thu, 22 Jan 2015 06:59:52 -0500 (EST)
> From: Alon Bar-Lev <alonbl at redhat.com>
> To: Jorick Astrego <j.astrego at netbulae.eu>
> CC: users at ovirt.org
> <snip>
>
> Also can we get rid of the internal admin or better just disable internal
> authenticationt without problems? As we have ipa we don't want local login
> enabled, but in emergency situations we might need to turn it on quickly.
>
> Yes, you can disable the internal by creating
> /etc/ovirt-engine/engine.conf.d/50-disable-internal.conf
> ---
> ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false
> ---
>
> Hmmm.... we have a bug in this case... will fix, so let's just disable the
> authz for now.
> ---
> ENGINE_EXTENSION_ENABLED_internal = false
>
should work now properly using:
ENGINE_EXTENSION_ENABLED_builtin_authn_internal = false
More information about the Users
mailing list