Re: [ovirt-users] Disable admin@internal account

Wed, 15 Apr 2015 07:24:16 -0700

Thx for answers.
 
 
15.04.2015, 14:22, "Alon Bar-Lev" <[email protected]>:

----- Original Message -----

 From: "Jorick Astrego" <[email protected]>
 To: [email protected]
 Sent: Wednesday, April 15, 2015 1:30:29 PM
 Subject: Re: [ovirt-users] Disable admin@internal account



 On 04/15/2015 12:08 PM, Николаев Алексей wrote:



 Hi community!
 The Red_Hat_Enterprise_Virtualization-3.5-Administration_Guide says how to
 add users from external directory.
 But now i want to disable admin@internal account for security reasons and use
 it only for disaster recovery situations (or then ldaps servers not
 available). Can i do it?
 What are best practises for use only external directory?
 If i delete admin@internal account can i add it again?


 _______________________________________________
 Users mailing list [email protected]
 http://lists.ovirt.org/mailman/listinfo/users
 Should be possible last time I asked, see response below:




 Subject: Re: [ovirt-users] oVirt 3.5 and FreeIpa
 Date: Thu, 22 Jan 2015 06:59:52 -0500 (EST)
 From: Alon Bar-Lev <[email protected]>
 To: Jorick Astrego <[email protected]>
 CC: [email protected]
 <snip>

 Also can we get rid of the internal admin or better just disable internal
 authenticationt without problems? As we have ipa we don't want local login
 enabled, but in emergency situations we might need to turn it on quickly.

 Yes, you can disable the internal by creating
 /etc/ovirt-engine/engine.conf.d/50-disable-internal.conf
 ---
 ENGINE_EXTENSION_ENABLED_builtin-authn-internal = false
 ---

 Hmmm.... we have a bug in this case... will fix, so let's just disable the
 authz for now.
 ---
 ENGINE_EXTENSION_ENABLED_internal = false
 
This work well for me. Only one profile on the login page can be used.
 

should work now properly using:

ENGINE_EXTENSION_ENABLED_builtin_authn_internal = false

This does not work for me on Version 3.5.1.1-1.el6. Account admin@internel can login.
 
 


_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users

_______________________________________________
Users mailing list
[email protected]
http://lists.ovirt.org/mailman/listinfo/users

Reply via email to