Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.
First Last Prev Next    This bug is not in your last search results.
Bug 1145234 - [RFE] PYTHON-SDK: Add support for Kerberos authentication
[RFE] PYTHON-SDK: Add support for Kerberos authentication
Status: CLOSED ERRATA
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-sdk-python (Show other bugs)
3.5.0
Unspecified Unspecified
unspecified Severity unspecified
: ovirt-3.6.0-rc
: 3.6.0
Assigned To: Juan Hernández
Karolína Hajná
: FutureFeature
Depends On:
Blocks: 1145239 1249485 1252760
  Show dependency treegraph
 
Reported: 2014-09-22 11:25 EDT by Juan Hernández
Modified: 2016-03-09 14:55 EST (History)
11 users (show)

See Also:
Fixed In Version: ovirt-engine-sdk-python-3.6.0.0-0.1
Doc Type: Enhancement
Doc Text:
Previously, the Python SDK did not support authentication to a RHEV-M server that was configured with Kerberos and only supported authentication with a username and a password. Now, the Python SDK supports authentication using a previously obtained Kerberos ticket that is valid for the realm of the RHEV-M server. To authenticate using a Kerberos ticket first acquire the Kerberos ticket by using the kinit command, or another mechanism, then use the "kerberos=True" option in the constructor of the API object.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-03-09 14:55:54 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: Infra
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
sherold: Triaged+

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
oVirt gerrit 33064 None None None Never
oVirt gerrit 33221 master MERGED sdk: Add support for Kerberos authentication Never
Red Hat Product Errata RHEA-2016:0403 normal SHIPPED_LIVE rhevm-sdk-python bug fix and enhancement update 2016-03-09 19:04:56 EST

  None (edit)
Description Juan Hernández 2014-09-22 11:25:05 EDT 
The Python SDK should be able to take the credentials from the Kerberos cache and use them to authenticate against a Kerberos protected engine.

The flow will be as follow:

1. The user obtains a ticket granting ticket from the Kerberos realm, using the "kinit" command or any other tool.

2. The user uses the Python SDK, including in the constructor of the API object a parameter that indicates that Kerberos authentication is to be used:

  api = ovirtsdk.api.API(
    url="https://fedora.example.com/ovirt-engine/api",
    kerberos=True,
    ...
  )

3. The Python SDK takes the credentials from the Kerberos cache and uses them to authenticate to the oVirt Engine server.

Note that no user name or password will be provided to the Python SDK in this case, and that obtaining the initial TGT will not be the responsibility of the Python SDK.
Comment 1 Karolína Hajná 2015-07-13 07:50:18 EDT 
Verified on ovirt-engine-sdk-python-3.6.0.0-0.15.20150625.gitfc90daf.fc20.noarch
Comment 5 errata-xmlrpc 2016-03-09 14:55:54 EST 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0403.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.