Re: [ovirt-users] Disable admin@internal account

[Николаев Алексей]

Thx for answers.  15.04.2015, 14:22, "Alon Bar-Lev" :- Original Message - From: "Jorick Astrego" <j.astr...@netbulae.eu> To: users@ovirt.org Sent: Wednesday, April 15, 2015 1:30:29 PM Subject: Re: [ovirt-users] Disable admin@internal account On 04/15/2015 12:08 PM, Николаев Алексей wrote: Hi community! The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says how to add users from external directory. But now i want to disable admin@internal account for security reasons and use it only for disaster recovery situations (or then ldaps servers not available). Can i do it? What are best practises for use only external directory? If i delete admin@internal account can i add it again? ___ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users Should be possible last time I asked, see response below: Subject: Re: [ovirt-users] oVirt 3.5 and FreeIpa Date: Thu, 22 Jan 2015 06:59:52 -0500 (EST) From: Alon Bar-Lev <alo...@redhat.com> To: Jorick Astrego <j.astr...@netbulae.eu> CC: users@ovirt.org  Also can we get rid of the internal admin or better just disable internal authenticationt without problems? As we have ipa we don't want local login enabled, but in emergency situations we might need to turn it on quickly. Yes, you can disable the internal by creating /etc/ovirt-engine/engine.conf.d/50-disable-internal.conf --- ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false --- Hmmm we have a bug in this case... will fix, so let's just disable the authz for now. --- ENGINE_EXTENSION_ENABLED_internal = false This work well for me. Only one profile on the login page can be used. should work now properly using:ENGINE_EXTENSION_ENABLED_builtin_authn_internal = falseThis does not work for me on Version 3.5.1.1-1.el6. Account admin@internel can login.  ___Users mailing listUsers@ovirt.orghttp://lists.ovirt.org/mailman/listinfo/users___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Disable admin@internal account

[Alon Bar-Lev]

- Original Message -
> From: "Jorick Astrego" 
> To: users@ovirt.org
> Sent: Wednesday, April 15, 2015 1:30:29 PM
> Subject: Re: [ovirt-users] Disable admin@internal account
> 
> 
> 
> On 04/15/2015 12:08 PM, Николаев Алексей wrote:
> 
> 
> 
> Hi community!
> The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says how to
> add users from external directory.
> But now i want to disable admin@internal account for security reasons and use
> it only for disaster recovery situations (or then ldaps servers not
> available). Can i do it?
> What are best practises for use only external directory?
> If i delete admin@internal account can i add it again?
> 
> 
> ___
> Users mailing list Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
> Should be possible last time I asked, see response below:
> 
> 
> 
> 
> Subject:  Re: [ovirt-users] oVirt 3.5 and FreeIpa
> Date: Thu, 22 Jan 2015 06:59:52 -0500 (EST)
> From: Alon Bar-Lev 
> To:   Jorick Astrego 
> CC:   users@ovirt.org
> 
> 
> Also can we get rid of the internal admin or better just disable internal
> authenticationt without problems? As we have ipa we don't want local login
> enabled, but in emergency situations we might need to turn it on quickly.
> 
> Yes, you can disable the internal by creating
> /etc/ovirt-engine/engine.conf.d/50-disable-internal.conf
> ---
> ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false
> ---
> 
> Hmmm we have a bug in this case... will fix, so let's just disable the
> authz for now.
> ---
> ENGINE_EXTENSION_ENABLED_internal = false
> 

should work now properly using:

ENGINE_EXTENSION_ENABLED_builtin_authn_internal = false
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

Re: [ovirt-users] Disable admin@internal account

[Jorick Astrego]

On 04/15/2015 12:08 PM, Николаев Алексей wrote:
> Hi community!
>  
> The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says
> how to add users from external directory.
> But now i want to disable admin@internal
>  account for security reasons and use it only
> for disaster recovery situations (or then ldaps servers not
> available). Can i do it?
>  
> What are best practises for use only external directory?
> If i delete admin@internal  account can i add
> it again?
>
>
> ___
> Users mailing list
> Users@ovirt.org
> http://lists.ovirt.org/mailman/listinfo/users
Should be possible last time I asked, see response below:



Subject:Re: [ovirt-users] oVirt 3.5 and FreeIpa
Date:   Thu, 22 Jan 2015 06:59:52 -0500 (EST)
From:   Alon Bar-Lev 
To: Jorick Astrego 
CC: users@ovirt.org




Also can we get rid of the internal admin or better just disable
internal authenticationt without problems? As we have ipa we don't want
local login enabled, but in emergency situations we might need to turn
it on quickly.

Yes, you can disable the internal by creating 
/etc/ovirt-engine/engine.conf.d/50-disable-internal.conf
---
ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false
---

Hmmm we have a bug in this case... will fix, so let's just disable the 
authz for now.
---
ENGINE_EXTENSION_ENABLED_internal = false






Met vriendelijke groet, With kind regards,

Jorick Astrego

Netbulae Virtualization Experts 



Tel: 053 20 30 270  i...@netbulae.euStaalsteden 4-3A
KvK 08198180
Fax: 053 20 30 271  www.netbulae.eu 7547 TA Enschede
BTW NL821234584B01



___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users

[ovirt-users] Disable admin@internal account

[Николаев Алексей]

Hi community! The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says how to add users from external directory.But now i want to disable admin@internal account for security reasons and use it only for disaster recovery situations (or then ldaps servers not available). Can i do it? What are best practises for use only external directory?If i delete admin@internal account can i add it again?
___
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users