[ovirt-users] Problem with kerberos authentication and ovirt-engine-sdk-python
Ondra Machacek
omachace at redhat.com
Fri Sep 4 14:51:21 UTC 2015
Hi,
maybe I am wrong, but I think you didn't properly setup your ovirt to
support kerberos.
You have to use new AAA, do you use it? It's not working with legacy
manage-domains.
Please see these[1][2] links.
Ondra
[1] http://www.ovirt.org/Features/AAA
[2]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0
On 09/04/2015 04:34 PM, Martynov Alexander wrote:
> Hello. I have problem with kerberos authentication. I use ovirt-engine-sdk-python from https://github.com/oVirt/ovirt-engine-sdk.git.
>
> I have RHEL manager and IPA server.
>
> I created a virtual machine and installed RedHat 7.0 on the vm.
> I did command ipa-client-install on this vm. Command id diplayed a valid value for user admin.
> I got with wget ca.crt file from manager.
>
> When I executed following commands:
> api = API(url="https://rhevm.dev.ru/ovirt-engine/api", username="admin at dev.ru", password="something", ca_file = "/tmp/ca.crt")
> that's all correct. I got api and I could use this api.
>
> Then:
> I cloned git repo
> git clone https://github.com/oVirt/ovirt-engine-sdk.git
> created ovirt-engine-sdk-python rpm with kerberos authentication support.
> make rpm
> installed this package on my vm.
> rpm -ihv ovirt-engine-sdk-python-4.0.0.0-0.1.el7.noarch.rpm
> I got kerberos ticket:
> kinit admin
> klist displayed that is valid ticket.
> And when I executed following commands:
> api = API(url="https://rhevm.dev.ru/ovirt-engine/api", kerberos = True, ca_file = "/tmp/ca.crt")
> I got error 401 Unauthorized.
>
> Is what is incorrect?
>
> Redhat 7.0, RHEL 3.5
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
More information about the Users
mailing list