----- Original Message ----- > From: "Jorick Astrego" <j.astr...@netbulae.eu> > To: users@ovirt.org > Sent: Wednesday, April 15, 2015 1:30:29 PM > Subject: Re: [ovirt-users] Disable admin@internal account > > > > On 04/15/2015 12:08 PM, Николаев Алексей wrote: > > > > Hi community! > The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says how to > add users from external directory. > But now i want to disable admin@internal account for security reasons and use > it only for disaster recovery situations (or then ldaps servers not > available). Can i do it? > What are best practises for use only external directory? > If i delete admin@internal account can i add it again? > > > _______________________________________________ > Users mailing list Users@ovirt.org > http://lists.ovirt.org/mailman/listinfo/users > Should be possible last time I asked, see response below: > > > > > Subject: Re: [ovirt-users] oVirt 3.5 and FreeIpa > Date: Thu, 22 Jan 2015 06:59:52 -0500 (EST) > From: Alon Bar-Lev <alo...@redhat.com> > To: Jorick Astrego <j.astr...@netbulae.eu> > CC: users@ovirt.org > <snip> > > Also can we get rid of the internal admin or better just disable internal > authenticationt without problems? As we have ipa we don't want local login > enabled, but in emergency situations we might need to turn it on quickly. > > Yes, you can disable the internal by creating > /etc/ovirt-engine/engine.conf.d/50-disable-internal.conf > --- > ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false > --- > > Hmmm.... we have a bug in this case... will fix, so let's just disable the > authz for now. > --- > ENGINE_EXTENSION_ENABLED_internal = false >
should work now properly using: ENGINE_EXTENSION_ENABLED_builtin_authn_internal = false _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users