Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1388083

Summary: Use mod_auth_gssapi and mod_session instead of mod_auth_kerb for Kerberos SSO
Product: Red Hat Enterprise Virtualization Manager Reporter: Martin Perina <mperina>
Component: ovirt-engine-extension-aaa-ldapAssignee: Martin Perina <mperina>
Status: CLOSED ERRATA QA Contact: Gonza <grafuls>
Severity: medium Docs Contact:
Priority: high    
Version: unspecifiedCC: bazulay, bgraveno, gklein, lsurette, lsvaty, melewis, mgoldboi, oourfali, Rhev-m-bugs, ykaul
Target Milestone: ovirt-4.0.5Keywords: ZStream
Target Release: 4.0.5   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Red Hat Enterprise Linux 6 used mod_auth_kerb to setup Kerberos SSO, but this module has been deprecated; mod_auth_gssapi is used instead. This update ensures mod_auth_gssapi and mod_session is used, and that example configurations have been updated. For existing customers, mod_auth_kerb will continue to work with previous versions of Red Hat Enterprise Virtualization.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-16 15:32:23 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: Infra RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Martin Perina 2016-10-24 12:13:40 UTC 
Description of problem:

On EL6 we have used mod_auth_kerb to setup Kerberos SSO, but this module is no longer developed and it's proposed to use mod_auth_gssapi instead. So for new installation we propose to use mod_auth_gssapi along with mod_session and we need to update examples configurations which are used and documented by BZ1368452.

Existing customers don't need to change anything, mod_auth_kerb will continue to work as in previous RHV releases.


Version-Release number of selected component (if applicable):

RHV 4.0

How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 2 Martin Perina 2016-10-31 10:54:35 UTC 
Fix is contained in ovirt-engine-extension-aaa-ldap-1.2.2 package
Comment 3 Martin Perina 2016-10-31 11:11:32 UTC 
Moving back to MODIFIED, we need to include new package into 4.0.5 release
Comment 5 Gonza 2016-11-07 12:09:06 UTC 
Verified with:
rhevm-4.0.5.5-0.1.el7ev.noarch
mod_session-2.4.6-40.el7_2.4.x86_64
mod_auth_gssapi-1.3.1-3.el7_2.x86_64
Comment 7 errata-xmlrpc 2016-11-16 15:32:23 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2798.html