1145234 – [RFE] PYTHON-SDK: Add support for Kerberos authentication

Bug 1145234 - [RFE] PYTHON-SDK: Add support for Kerberos authentication

Summary: [RFE] PYTHON-SDK: Add support for Kerberos authentication

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Virtualization Manager
Classification:	Red Hat
Component:	ovirt-engine-sdk-python
Sub Component:
Version:	3.5.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	ovirt-3.6.0-rc
Target Release:	3.6.0
Assignee:	Juan Hernández
QA Contact:	Karolína Hajná
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1145239 1249485 1252760
TreeView+	depends on / blocked

Reported:	2014-09-22 15:25 UTC by Juan Hernández
Modified:	2016-03-09 19:55 UTC (History)
CC List:	11 users (show)
Fixed In Version:	ovirt-engine-sdk-python-3.6.0.0-0.1
Doc Type:	Enhancement
Doc Text:	Previously, the Python SDK did not support authentication to a RHEV-M server that was configured with Kerberos and only supported authentication with a username and a password. Now, the Python SDK supports authentication using a previously obtained Kerberos ticket that is valid for the realm of the RHEV-M server. To authenticate using a Kerberos ticket first acquire the Kerberos ticket by using the kinit command, or another mechanism, then use the "kerberos=True" option in the constructor of the API object.
Clone Of:
Environment:
Last Closed:	2016-03-09 19:55:54 UTC
oVirt Team:	Infra
Target Upstream Version:
Embargoed:
Flags:	sherold: Triaged+

Attachments	(Terms of Use)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHEA-2016:0403	normal	SHIPPED_LIVE	rhevm-sdk-python bug fix and enhancement update	2016-03-10 00:04:56 UTC
oVirt gerrit	33064	None	None	None	Never
oVirt gerrit	33221	master	MERGED	sdk: Add support for Kerberos authentication	Never

Description Juan Hernández 2014-09-22 15:25:05 UTC

The Python SDK should be able to take the credentials from the Kerberos cache and use them to authenticate against a Kerberos protected engine.

The flow will be as follow:

1. The user obtains a ticket granting ticket from the Kerberos realm, using the "kinit" command or any other tool.

2. The user uses the Python SDK, including in the constructor of the API object a parameter that indicates that Kerberos authentication is to be used:

  api = ovirtsdk.api.API(
    url="https://fedora.example.com/ovirt-engine/api",
    kerberos=True,
    ...
  )

3. The Python SDK takes the credentials from the Kerberos cache and uses them to authenticate to the oVirt Engine server.

Note that no user name or password will be provided to the Python SDK in this case, and that obtaining the initial TGT will not be the responsibility of the Python SDK.

Comment 1 Karolína Hajná 2015-07-13 11:50:18 UTC

Verified on ovirt-engine-sdk-python-3.6.0.0-0.15.20150625.gitfc90daf.fc20.noarch

Comment 5 errata-xmlrpc 2016-03-09 19:55:54 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-0403.html

Note You need to log in before you can comment on or make changes to this bug.