[ovirt-users] RESTAPI and kerberos authentication

Ondra Machacek omachace at redhat.com
Thu Apr 14 06:06:18 UTC 2016 

On 04/13/2016 10:43 PM, Marcel Galke wrote:
> Hello,
>
> I need to automatically create a list of all the VMs and the storage
> path to their disks in the data center for offline storage for desaster
> recovery. We have oVirt 3.6 and IPA 4.2.0.
> To achieve this my idea was to query the API using Kerberos
> authentication and a keytab. This could then run as cronjob.
> Using username and password is not an option.
>
> To configure oVirt for use with IPA I've run engine-manage-domains but
> the result is not exactly what I'm looking for (despite from the fact,
> that I can add direcotry users etc.).
> Next I tried the generic LDAP provider as per documentation
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Administration_Guide/sect-Directory_Users.html

Just to be sure did you followed these steps[1]?
If yes and it don't work, it would be nice if you can share a properties 
files you have and engine.log(the part when engine starts). Please also 
ensure twice you have correct permissions on properties files, keytab 
and apache confiig.

Also ensure your browser is correctly setup. Example for firefox[2].

It don't work only for API or for UserPortal and Webadmin as well? Or 
you set it up only for API?

[1] 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Virtualization/3.5/html/Administration_Guide/sect-Directory_Users.html#sect-Single_Sign-On_to_the_Administration_and_User_Portal
[2] 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/sso-config-firefox.html

>
> It was quite easy to get Apache to authenticate against IPA, but I did
> not manage to access the API. Each try ended with an "HTTP/1.1 401
> Unauthorized".
> At the moment Apache authentication appears first and then the RESTAPI
> auth dialog comes up.
> Some facts about my setup:
> oVirt Host:
> -OS: CentOS 6.7
> -Engine Version: 3.6
> IPA Host:
> -OS: CentOS 7.2
> -IPA Version: 4.2.0
>
>
> I might mix some things up. Please help me to find out how to achieve my
> goal. I can provide more information if required.
>
> Thanks a lot!
>
>
> Best regards
> Marcel
> _______________________________________________
> Users mailing list
> Users at ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
>

More information about the Users mailing list