[ovirt-users] oVirt 4.0.4 and Active Directory Kerberos SSO for Administration/User Portal. Troubleshooting

aleksey.maksimov at it-kb.ru aleksey.maksimov at it-kb.ru
Fri Sep 30 13:58:05 UTC 2016

# kinit aleksey

Password for aleksey at AD.HOLDING.COM: ***

# klist

Ticket cache: KEYRING:persistent:0:krb_ccache_9W86VN9
Default principal: aleksey at AD.HOLDING.COM

Valid starting       Expires              Service principal
09/30/2016 16:50:32  10/01/2016 02:50:32  krbtgt/AD.HOLDING.COM at AD.HOLDING.COM
        renew until 10/07/2016 16:50:29

# curl --negotiate -u : -X GET -H "Accept: application/xml" -k https://kom-ad01-ovirt1.ad.holding.com/ovirt-engine/api

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
 ... output truncated ...

It Works.
The browsers are configured.
Kerberos authentication for Windows web servers working successfully from Internet Explorer & Forefox

30.09.2016, 16:45, "Ondra Machacek" <omachace at redhat.com>:
> '/etc/httpd/s-oVirt-Krb.keytab' is apache keytab, you can't try to test
> login with it. You should try something like `kinit myuser` and then
> curl. And be sure that 'myuser' has appropriate permissions in oVirt.
> Do you have properly setup your browser and enabled negotiation (for
> example for firefox [1])?
> [1]
> https://docs.fedoraproject.org/en-US/Fedora/11/html/Security_Guide/sect-Security_Guide-Single_Sign_on_SSO-Configuring_Firefox_to_use_Kerberos_for_SSO.html

More information about the Users mailing list