[Ovirt-devel] Remote access with firefox to ovirt
Thomas von Steiger
thomas.vonsteiger at bluewin.ch
Fri Jun 20 19:49:09 UTC 2008
Hello Alan, Cris,
Thank you for the answer. That's greate, spacewalk and ovirt...:-)
For using kerberos are we don't need a principal in the keytab file
like ovirtadmin at PRIV.OVIRT.ORG ?
Are there other ketabfiles because with kadmin.local listprincs the
principales are there. But not i the ovirt.keytab files.
[root at management ~]# ktutil -t /usr/share/ovirt-wui/ovirt.keytab
ktutil: list
slot KVNO Principal
---- ----
---------------------------------------------------------------------
ktutil: quit
[root at management ~]# ktutil -t /usr/share/ovirt-wui/ovirtadmin.tab
ktutil: list
slot KVNO Principal
---- ----
---------------------------------------------------------------------
ktutil:
kadmin.local: addprinc root/admin
With kadmin.local on the developer node i have no access to
ktadd -k /usr/share/ovirt-wui/ovirtadmin.tab ovirtadmin at PRIV.OVIRT.ORG
Thomas
On Jun 20, 2008, at 4:55 PM, Alan Pevec wrote:
> Chris Lalancette wrote:
>> 3) kinit ovirtadmin at PRIV.OVIRT.ORG (password is ovirt)
>
> I'm sorry, I misinformed Chris here: for ovirtadmin we create keytab
> which resets initial 'ovirt' to a random password.
> You need to transfer ktab from 'developer' and kinit with it:
> scp 192.168.50.2:/usr/share/ovirt-wui/ovirtadmin.tab .
> kinit -k -t ovirtadmin.tab
>> 4) Start up firefox on your host machine, then go to about:config,
>> type in
>> "negotiate", and then edit:
>> network.negotiate-auth.delegation-uris -> priv.ovirt.org
>> network.negotiate-auth.trusted-uris -> priv.ovirt.org
>> That should be it; you should now be able to browse to http://192.168.50.2/ovirt
>> and see the management WUI from the host machine.
>
> Access via IP won't work and it's not enough to add
> management.priv.ovirt.org to /etc/hosts
> You need to set your DNS server to wui appliance, add to the top of /
> etc/resolv.conf:
> nameserver 192.168.50.2
>
> restart firefox and access http://management.priv.ovirt.org/ovirt/
>
More information about the ovirt-devel
mailing list