[ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting
aleksey.maksimov at it-kb.ru
aleksey.maksimov at it-kb.ru
Fri Sep 30 13:58:05 UTC 2016
# kinit aleksey
Password for aleksey at AD.HOLDING.COM: ***
# klist
Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9
Default principal: aleksey at AD.HOLDING.COM
Valid starting Expires Service principal
09/30/2016 16:50:32 10/01/2016 02:50:32 krbtgt/AD.HOLDING.COM at AD.HOLDING.COM
renew until 10/07/2016 16:50:29
# curl --negotiate -u : -X GET -H "Accept: application/xml" -k https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<api>
... output truncated ...
</api>
It Works.
The browsers are configured.
Kerberos authentication for Windows web servers working successfully from Internet Explorer & Forefox
30.09.2016, 16:45, "Ondra Machacek" <omachace at redhat.com>:
> '/etc/httpd/s-oVirt-Krb.keytab' is apache keytab, you can't try to test
> login with it. You should try something like `kinit myuser` and then
> curl. And be sure that 'myuser' has appropriate permissions in oVirt.
>
> Do you have properly setup your browser and enabled negotiation (for
> example for firefox [1])?
>
> [1]
> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html
>
More information about the Users
mailing list