----- Original Message -----
> From: "Doron Fediuck" <[email protected]>
> To: "Yair Zaslavsky" <[email protected]>
> Cc: "Juan Hernandez" <[email protected]>, [email protected]
> Sent: Sunday, February 10, 2013 11:02:39 AM
> Subject: Re: [Engine-devel] Local Authentication Feature
>
> ----- Original Message -----
> > From: "Yair Zaslavsky" <[email protected]>
> > To: "Doron Fediuck" <[email protected]>
> > Cc: "Juan Hernandez" <[email protected]>, [email protected]
> > Sent: Sunday, February 10, 2013 5:37:10 PM
> > Subject: Re: [Engine-devel] Local Authentication Feature
> >
> > ----- Original Message -----
> > > From: "Doron Fediuck" <[email protected]>
> > > To: "Juan Hernandez" <[email protected]>
> > > Cc: [email protected]
> > > Sent: Sunday, February 10, 2013 5:26:52 PM
> > > Subject: Re: [Engine-devel] Local Authentication Feature
> > >
> > > ----- Original Message -----
> > > > From: "Juan Hernandez" <[email protected]>
> > > > To: [email protected]
> > > > Sent: Friday, February 8, 2013 7:50:36 PM
> > > > Subject: [Engine-devel] Local Authentication Feature
> > > >
> > > > Hello,
> > > >
> > > > I would like to propose a new feature that allows authentication
> > > > using the local user database. The details are here:
> > > >
> > > > http://www.ovirt.org/Features/Local_Authentication
> > > >
> > > > And the proposed change is available for review here:
> > > >
> > > > http://gerrit.ovirt.org/11863
> > > >
> > > > I appreciate feedback.
> > > >
> > > > Thanks in advance,
> > > > Juan Hernandez
> > > > --
> > > > Business address: C/Jose Bardasano Baos, 9, Edif. Gorbea 3,
> > > > planta 3ºD, 28016 Madrid, Spain
> > > > Registered in the Madrid Mercantile Registry – C.I.F. B82657941 -
> > > > Red Hat S.L.
> > >
> > > Hi Juan,
> > > Very happy to see this one which actually closes an annoying gap!
> > > One thing which is missing is user management - add/remove/change
> > > users and groups. If we do not plan to handle it within ovirt, the
> > > design should state it and explain how user management should work.
> >
> > Shouldn't this be the same as in case of external directory service?
> > i.e. - you manage user/group at the directory service, and then you
> > "populate" engine with it (by adding permissions to users/groups or
> > adding explicitly new users/groups to engine?)
> >
> > > Also, what happens when a user is removed from the local DB - will
> > > all references to him be removed? Groups?
> >
> > IMHO the behavior in this case should be as in case of current
> > LdapBroker.
> >
>
> This could be a decision but it's missing from the design.
> The diff I see from current supported directory servers is that
> they actually have their own management tools, which is not the
> case for local DB. Again, you may state that the various userXXX
> and groupXXX commandline utilities are the way to manage it, but
> this is lacking from the design.

Local user support is a feature we certainly need, but somehow ssh'ing into the node feels wrong. A local db is better than the (creative) ssh hack.

>
> _______________________________________________
> Engine-devel mailing list
> [email protected]
> http://lists.ovirt.org/mailman/listinfo/engine-devel
