Bug 861485

Summary: Add documentation to MCIG for kerberos authentication in cumin
Product: Red Hat Enterprise MRG Reporter: Chad Roberts <croberts>
Component: Management_Console_Installation_GuideAssignee: David Ryan <dryan>
Status: CLOSED CURRENTRELEASE QA Contact: Stanislav Graf <sgraf>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 2.2CC: chetan, esammons, iboverma, ltoscano, matt, rlandman, sgraf, tmckay
Target Milestone: 2.3   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 916732 (view as bug list) Environment:
Last Closed: 2013-03-19 16:39:17 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 799129    
Bug Blocks: 916732    
Deadline: 2012-12-03   

Description Chad Roberts 2012-09-28 19:31:31 UTC
Description of problem:  The MCIG needs to mention kerberos authentication in cumin.

See BZ 799129 for the functionality that needs to be documented.

Comment 2 Cheryn Tan 2012-11-16 01:56:34 UTC
Hi Chad, can you please provide some source content on how to configure Kerberos authentication? 

IIUC the affected section is:
* 4.7. Managing Users

http://documentation-devel.engineering.redhat.com/docs/en-US/Red_Hat_Enterprise_MRG/2/html-single/Management_Console_Installation_Guide/index.html

Thank you!

Comment 3 Chad Roberts 2012-11-16 19:42:47 UTC
To enable Kerberos authentication in cumin, you will need to make the following changes in /etc/cumin/cumin.conf.

[web]
auth: kerb #multiple values separated by semicolons if you also need ldap authentication
kerberos_server: <your kerberos server address>
kerberos_realm: <your kerberos realm>

Comment 4 Chad Roberts 2012-11-20 15:30:42 UTC
Additional information:

In order to be able to use kerberos authentication, the python-kerberos package is required (currently unavailable in el5).

Comment 5 Chad Roberts 2012-12-03 18:09:34 UTC
Update:  kerberos_server is no longer required (it is looked-up against values in krb5.conf at runtime using the kerberos_realm as the key)

[web]
auth: kerb #multiple values separated by semicolons if you also need ldap authentication
kerberos_realm: <your kerberos realm>

Comment 14 Stanislav Graf 2013-02-28 19:44:18 UTC
Revision 3.1-1	Thu Feb 28 2013

--> VERIFIED