[Ovirt-devel] oVirt console (again!)

Richard W.M. Jones rjones at redhat.com
Tue Nov 11 16:09:45 UTC 2008

On Tue, Nov 11, 2008 at 04:48:04PM +0100, Gerd Hoffmann wrote:
> Gerd Hoffmann wrote:
> > Richard W.M. Jones wrote:
> >> The problem, as ever, is with Windows.  It's hard to set up a Windows
> >> client as a Kerberos client, so this won't just work.
> > Might be worth talking to the freeipa/samba folks maybe whenever it is
> > possible to make windows play nice here?
> Some doc reading and experiments later ...
> With MIT Kerberos for Windows installed the Windows machine can
> authenticate against freeipa.  Setup is pretty straight forward and
> described at the freeipa website.
> Requires that the applications support gssapi though.  Firefox can
> handle both ways (sspi == native windows with ADC, gssapi == MIT).
> To get the WUI on a windows box this must be setup anyway.  Then have
> libvirt auth via MIT-gssapi too should work nicely and probably without
> too much coding effort as gssapi at linux code is there already ...

I've been banging my head against NSS/NSPR all morning, so crypto
libraries & Mozilla are both generally driving me around the bend :-(

However last weekend I did find that someone has ported a part of
Cyrus SASL to Windows.  Good news that at least it's possible!
Unfortunately bad news that there's no source for their port (so we'll
have to recreate the techniques) and I suspect that it's only a
partial port and key bits may be missing.  Not looked into it in great
detail yet, but the binary is here:



Richard Jones, Emerging Technologies, Red Hat  http://et.redhat.com/~rjones
Read my OCaml programming blog: http://camltastic.blogspot.com/
Fedora now supports 68 OCaml packages (the OPEN alternative to F#)

More information about the ovirt-devel mailing list