----- Original Message ----- > From: "Roy Golan" <[email protected]> > To: "Martin Perina" <[email protected]>, "devel" <[email protected]> > Sent: Thursday, August 13, 2015 7:39:21 AM > Subject: Re: [ovirt-devel] AAA changes on 3.6 and master > > On 08/12/2015 01:11 PM, Martin Perina wrote: > > Hi, > > > > yesterday we merged couple of changes in the AAA area: > > > > 1. Legacy provider for 'internal' domain (3.6 and master) > > - it's still installed by default if aaa-jdbc provider > > is not present (details below) > > - UUID of 'admin@internal' user is no longer static, but > > for new installations UUID is generated > > - Password of 'admin@internal' is no longer saved in vdc_options table, > > but it's stored encoded in legacy internal provider config file > > (PREFIX/etc/ovirt-engine/extensions.d/internal-authn.properties) > > - If you want to change 'admin@internal' password please execute: > > > > PREFIX/bin/engine-setup \ > > > > --otopi-environment="OVESETUP_CONFIG/adminPassword=str:MY_PASSWORD" > > Is this supported in the answer file?
Yes > > > > replacing MY_PASSWORD with your new password > > > > > > 2. aaa-jdbc provider for 'internal' domain (3.6 and master) > > - this is new implementation of AAA provider which stores users/groups > > in database and provide (from engine point of view) same capabilities > > as aaa-ldap provider > > - on RPM installations it replaces legacy provider for 'internal' > > domain > > - it's configured automatically on RPM installations when running > > engine-setup > > - if you want to use it also in development environment, please do > > following steps: > > > > a. Checkout sources [1], build and install into your PREFIX > > > > b. Execute > > PREFIX/bin/engine-setup \ > > > > --otopi-environment="OVESETUP_CONFIG/adminPassword=str:MY_PASSWORD" > > > > This will replace legacy internal provider with aaa-jdbc one. > > > > > > 3. Legacy kerbldap provider (master only) > > - it has been dropped from the project > > - engine-setup will fail if you have kerbldap provider configured > > - you can either migrate to the new aaa-ldap provider using [2] > > or create new prefix without kerbldap provider config > > > > > > Thanks > > > > Martin Perina > > > > [1] > > https://gerrit.ovirt.org/#/admin/projects/ovirt-engine-extension-aaa-jdbc > > [2] > > https://github.com/machacekondra/ovirt-engine-kerbldap-migration/releases > > _______________________________________________ > > Devel mailing list > > [email protected] > > http://lists.ovirt.org/mailman/listinfo/devel > > _______________________________________________ Devel mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/devel
