Bug 1388083 - Use mod_auth_gssapi and mod_session instead of mod_auth_kerb for Kerberos SSO
Summary: Use mod_auth_gssapi and mod_session instead of mod_auth_kerb for Kerberos SSO
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Virtualization Manager
Classification: Red Hat
Component: ovirt-engine-extension-aaa-ldap
Version: unspecified
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: ovirt-4.0.5
: 4.0.5
Assignee: Martin Perina
QA Contact: Gonza
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-10-24 12:13 UTC by Martin Perina
Modified: 2016-11-16 15:32 UTC (History)
10 users (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Red Hat Enterprise Linux 6 used mod_auth_kerb to setup Kerberos SSO, but this module has been deprecated; mod_auth_gssapi is used instead. This update ensures mod_auth_gssapi and mod_session is used, and that example configurations have been updated. For existing customers, mod_auth_kerb will continue to work with previous versions of Red Hat Enterprise Virtualization.
Clone Of:
Environment:
Last Closed: 2016-11-16 15:32:23 UTC
oVirt Team: Infra
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2798 0 normal SHIPPED_LIVE ovirt-engine-extension-aaa-ldap bug fix and enhancement update for RHV 4.0.5 2016-11-16 20:29:00 UTC
oVirt gerrit 65682 0 None MERGED Use mod_auth_gssapi instead of mod_auth_kerb 2020-08-10 09:50:15 UTC

Description Martin Perina 2016-10-24 12:13:40 UTC 
Description of problem:

On EL6 we have used mod_auth_kerb to setup Kerberos SSO, but this module is no longer developed and it's proposed to use mod_auth_gssapi instead. So for new installation we propose to use mod_auth_gssapi along with mod_session and we need to update examples configurations which are used and documented by BZ1368452.

Existing customers don't need to change anything, mod_auth_kerb will continue to work as in previous RHV releases.


Version-Release number of selected component (if applicable):

RHV 4.0

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Martin Perina 2016-10-31 10:54:35 UTC 
Fix is contained in ovirt-engine-extension-aaa-ldap-1.2.2 package
Comment 3 Martin Perina 2016-10-31 11:11:32 UTC 
Moving back to MODIFIED, we need to include new package into 4.0.5 release
Comment 5 Gonza 2016-11-07 12:09:06 UTC 
Verified with:
rhevm-4.0.5.5-0.1.el7ev.noarch
mod_session-2.4.6-40.el7_2.4.x86_64
mod_auth_gssapi-1.3.1-3.el7_2.x86_64
Comment 7 errata-xmlrpc 2016-11-16 15:32:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2798.html
Note You need to log in before you can comment on or make changes to this bug.