Hi,
maybe I am wrong, but I think you didn't properly setup your ovirt to
support kerberos.
You have to use new AAA, do you use it? It's not working with legacy
manage-domains.
Please see these[1][2] links.
Ondra
[1] http://www.ovirt.org/Features/AAA
[2]
https://gerrit.ovirt.org/gitweb?p=ovirt-engine-extension-aaa-ldap.git;a=blob;f=README;hb=ovirt-engine-extension-aaa-ldap-1.0
On 09/04/2015 04:34 PM, Martynov Alexander wrote:
Hello. I have problem with kerberos authentication. I use
ovirt-engine-sdk-python from https://github.com/oVirt/ovirt-engine-sdk.git.
I have RHEL manager and IPA server.
I created a virtual machine and installed RedHat 7.0 on the vm.
I did command ipa-client-install on this vm. Command id diplayed a valid value
for user admin.
I got with wget ca.crt file from manager.
When I executed following commands:
api = API(url="https://rhevm.dev.ru/ovirt-engine/api";, username="ad...@dev.ru",
password="something", ca_file = "/tmp/ca.crt")
that's all correct. I got api and I could use this api.
Then:
I cloned git repo
git clone https://github.com/oVirt/ovirt-engine-sdk.git
created ovirt-engine-sdk-python rpm with kerberos authentication support.
make rpm
installed this package on my vm.
rpm -ihv ovirt-engine-sdk-python-4.0.0.0-0.1.el7.noarch.rpm
I got kerberos ticket:
kinit admin
klist displayed that is valid ticket.
And when I executed following commands:
api = API(url="https://rhevm.dev.ru/ovirt-engine/api";, kerberos = True, ca_file =
"/tmp/ca.crt")
I got error 401 Unauthorized.
Is what is incorrect?
Redhat 7.0, RHEL 3.5
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@ovirt.org
http://lists.ovirt.org/mailman/listinfo/users
