Bug 1145239
| Summary: | [RFE] CLI: Add support for Kerberos authentication | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Virtualization Manager | Reporter: | Juan Hernández <juan.hernandez> |
| Component: | ovirt-engine-cli | Assignee: | Juan Hernández <juan.hernandez> |
| Status: | CLOSED ERRATA | QA Contact: | Jiri Belka <jbelka> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 3.5.0 | CC: | bazulay, gklein, iheim, lsurette, melewis, oramraz, pstehlik, rbalakri, Rhev-m-bugs, yeylon, ykaul |
| Target Milestone: | ovirt-3.6.0-rc | Keywords: | FutureFeature |
| Target Release: | 3.6.0 | Flags: | sherold:
Triaged+
|
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ovirt-engine-cli-3.6.0.0-0.1 | Doc Type: | Enhancement |
| Doc Text: |
Previously, the CLI did not support authentication to a RHEV-M server that was configured with Kerberos and only supported authentication using a username and password. Now, the CLI supports authentication using a previously obtained Kerberos ticket by specifying the --kerberos command line option.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2016-03-09 19:54:26 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Infra | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1145234 | ||
| Bug Blocks: | 1252761 | ||
|
Description
Juan Hernández
2014-09-22 15:35:10 UTC
ok, ovirt-engine-cli-3.6.0.0-0.2.20150518.gite3609e3.el6.noarch [jirib@om-ovirt36 ~]$ ovirt-shell --kerberos -l https://`hostname`/api -c -A /etc/pki/ovirt-engine/ca.pem -E "list vms" [oVirt shell (connected)]# list vms id : 0ad991ea-ebe7-4f5d-b46e-a6c70f178836 name : vm [jirib@om-ovirt36 ~]$ klist Ticket cache: FILE:/tmp/krb5cc_500 Default principal: vdcadmin.LAB.ENG.BRQ.REDHAT.COM Valid starting Expires Service principal 08/04/15 10:12:25 08/05/15 10:12:25 krbtgt/BRQ-OPENLDAP.RHEV.LAB.ENG.BRQ.REDHAT.COM.LAB.ENG.BRQ.REDHAT.COM renew until 08/04/15 10:12:25 08/04/15 10:12:34 08/05/15 10:12:25 HTTP/om-ovirt36.rhev.lab.eng.brq.redhat.com@ renew until 08/04/15 10:12:25 08/04/15 10:12:34 08/05/15 10:12:25 HTTP/om-ovirt36.rhev.lab.eng.brq.redhat.com.LAB.ENG.BRQ.REDHAT.COM renew until 08/04/15 10:12:25 [jirib@om-ovirt36 ~]$ awk '$NF != "False" && !/^#/ { print }' .ovirtshellrc [cli] autoconnect = True [ovirt-shell] timeout = None url = https://om-ovirt36.rhev.lab.eng.brq.redhat.com/ovirt-engine/api kerberos = True session_timeout = None ca_file = /etc/pki/ovirt-engine/ca.pem key_file = None cert_file = None [jirib@om-ovirt36 ~]$ ovirt-shell -E "list vms" [oVirt shell (connected)]# list vms id : 0ad991ea-ebe7-4f5d-b46e-a6c70f178836 name : vm [jirib@om-ovirt36 ~]$ ovirt-shell --help 2>&1 | grep kerberos --kerberos use Kerberos authentication https://polarion.engineering.redhat.com/polarion/#/project/RHEVM3/testrun?id=jbelka_ovirtcli_krb5 Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-0406.html |