[Ovirt-devel] Remote access with firefox to ovirt

Thomas von Steiger thomas.vonsteiger at bluewin.ch
Fri Jun 20 20:31:19 UTC 2008 

I'm wrong with that,
I forget rkt in ktutil, there are principels.
The Problem is:

[root at host ~]# kinit -k -t /etc/ovirtadmin.tab
kinit(v5): Cannot find KDC for requested realm while getting initial  
credentials

/etc/resolf.conf and /etc/krb5.conf is ready for that.

What i'm missing to configure on the host?

Thomas



On Jun 20, 2008, at 9:49 PM, Thomas von Steiger wrote:

> Hello Alan, Cris,
>
> Thank you for the answer. That's greate, spacewalk and ovirt...:-)
> For using kerberos are we don't need a principal in the keytab file  
> like ovirtadmin at PRIV.OVIRT.ORG ?
> Are there other ketabfiles because with kadmin.local listprincs the  
> principales are there. But not i the ovirt.keytab files.
>
> [root at management ~]# ktutil -t /usr/share/ovirt-wui/ovirt.keytab
> ktutil:  list
> slot KVNO Principal
> ---- ----  
> ---------------------------------------------------------------------
> ktutil:  quit
> [root at management ~]# ktutil -t /usr/share/ovirt-wui/ovirtadmin.tab
> ktutil:  list
> slot KVNO Principal
> ---- ----  
> ---------------------------------------------------------------------
> ktutil:
>
> kadmin.local:  addprinc root/admin
>
> With kadmin.local on the developer node i have no access to
> ktadd -k /usr/share/ovirt-wui/ovirtadmin.tab ovirtadmin at PRIV.OVIRT.ORG
>
>
> Thomas
>
>
>
>
> On Jun 20, 2008, at 4:55 PM, Alan Pevec wrote:
>
>> Chris Lalancette wrote:
>>> 3)  kinit ovirtadmin at PRIV.OVIRT.ORG (password is ovirt)
>>
>> I'm sorry, I misinformed Chris here: for ovirtadmin we create  
>> keytab which resets initial 'ovirt' to a random password.
>> You need to transfer ktab from 'developer' and kinit with it:
>> scp 192.168.50.2:/usr/share/ovirt-wui/ovirtadmin.tab .
>> kinit -k -t ovirtadmin.tab
>>> 4)  Start up firefox on your host machine, then go to  
>>> about:config, type in
>>> "negotiate", and then edit:
>>> network.negotiate-auth.delegation-uris -> priv.ovirt.org
>>> network.negotiate-auth.trusted-uris -> priv.ovirt.org
>>> That should be it; you should now be able to browse to http://192.168.50.2/ovirt
>>> and see the management WUI from the host machine.
>>
>> Access via IP won't work and it's not enough to add  
>> management.priv.ovirt.org to /etc/hosts
>> You need to set your DNS server to wui appliance, add to the top  
>> of /etc/resolv.conf:
>> nameserver 192.168.50.2
>>
>> restart firefox and access http://management.priv.ovirt.org/ovirt/
>>
>
> _______________________________________________
> Ovirt-devel mailing list
> Ovirt-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/ovirt-devel

More information about the ovirt-devel mailing list