<div>Thx for answers.</div><div>�</div><div>�</div><div>15.04.2015, 14:22, "Alon Bar-Lev" <alonbl@redhat.com>:</div><blockquote type="cite"><p>----- Original Message -----</p><blockquote>�From: "Jorick Astrego" <<a href="mailto:j.astrego@netbulae.eu">j.astrego@netbulae.eu</a>><br />�To: <a href="mailto:users@ovirt.org">users@ovirt.org</a><br />�Sent: Wednesday, April 15, 2015 1:30:29 PM<br />�Subject: Re: [ovirt-users] Disable admin@internal account<br /><br /><br /><br />�On 04/15/2015 12:08 PM, �������� ������� wrote:<br /><br /><br /><br />�Hi community!<br />�The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says how to<br />�add users from external directory.<br />�But now i want to disable admin@internal account for security reasons and use<br />�it only for disaster recovery situations (or then ldaps servers not<br />�available). Can i do it?<br />�What are best practises for use only external directory?<br />�If i delete admin@internal account can i add it again?<br /><br /><br />�_______________________________________________<br />�Users mailing list <a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br />�<a href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a><br />�Should be possible last time I asked, see response below:<br /><br /><br /><br /><br />�Subject: Re: [ovirt-users] oVirt 3.5 and FreeIpa<br />�Date: Thu, 22 Jan 2015 06:59:52 -0500 (EST)<br />�From: Alon Bar-Lev <<a href="mailto:alonbl@redhat.com">alonbl@redhat.com</a>><br />�To: Jorick Astrego <<a href="mailto:j.astrego@netbulae.eu">j.astrego@netbulae.eu</a>><br />�CC: <a href="mailto:users@ovirt.org">users@ovirt.org</a><br />�<snip><br /><br />�Also can we get rid of the internal admin or better just disable internal<br />�authenticationt without problems? As we have ipa we don't want local login<br />�enabled, but in emergency situations we might need to turn it on quickly.<br /><br />�Yes, you can disable the internal by creating<br />�/etc/ovirt-engine/engine.conf.d/50-disable-internal.conf<br />�---<br />�ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false<br />�---<br /><br />�Hmmm.... we have a bug in this case... will fix, so let's just disable the<br />�authz for now.<br />�---<br />�ENGINE_EXTENSION_ENABLED_internal = false</blockquote></blockquote><div>�</div><div>This work well for me. Only one profile on the login page can be used.</div><div>�</div><blockquote type="cite"><blockquote></blockquote><p>should work now properly using:<br /><br />ENGINE_EXTENSION_ENABLED_builtin_authn_internal = false</p></blockquote><div>This does not work for me on�Version 3.5.1.1-1.el6. Account <a href="mailto:admin@internel">admin@internel</a>�can login.</div><div>�</div><div>�</div><blockquote type="cite"><p><br />_______________________________________________<br />Users mailing list<br /><a href="mailto:Users@ovirt.org">Users@ovirt.org</a><br /><a href="http://lists.ovirt.org/mailman/listinfo/users">http://lists.ovirt.org/mailman/listinfo/users</a></p></blockquote>