Juan Hernandez has submitted this change and it was merged.
Change subject: sdk: Add support for Kerberos authentication
......................................................................
sdk: Add support for Kerberos authentication
This patch adds support for Kerberos authentication. To use it the user
must explicitly indicate it when creating the API object, for example:
Api api = new ApiBuilder()
.url("https://ovirt.example.com/ovirt-engine/api";)
.kerberos(true)
.build();
When doing this the SDK will take the credentials from the Kerberos
credentials cache and will use them to authenticate with the server.
Note that the Kerberos environment has to be configured correctly before
calling the SDK and that the creditials cache has to be already
populated, using the "kinit" command, for example.
In order to configure the environment two files are needed: the Kerberos
configuration file and the JAAS configuration file. The Kerberos
configuration file will usually existin "/etc/krb5.conf". The JAAS
configuration file won't probably exist. It needs to be created with
content similar to this:
com.sun.security.jgss.login {
com.sun.security.auth.module.Krb5LoginModule required client=true
useTicketCache=true;
};
com.sun.security.jgss.initiate {
com.sun.security.auth.module.Krb5LoginModule required client=true
useTicketCache=true;
};
com.sun.security.jgss.accept {
com.sun.security.auth.module.Krb5LoginModule required client=true
useTicketCache=true;
};
The location of this file isn't relevant, it just needs to be readable
by the JVM, it can be, for example, located in "/etc/jaas.conf".
In addition to these files the following system properties have to be
added to the JVM:
-Djava.security.auth.login.config=/etc/jaas.conf
-Djava.security.krb5.conf=/etc/krb5.conf
-Djavax.security.auth.useSubjectCredsOnly=false
Change-Id: Ide82e150a5b5b7e8ec9b83aa33c89f0c09656f99
Bug-Url: https://bugzilla.redhat.com/1145237
Signed-off-by: Juan Hernandez <juan.hernan...@redhat.com>
---
M
ovirt-engine-sdk-java-codegen/src/main/java/org/ovirt/engine/sdk/codegen/templates/ApiTemplate
M ovirt-engine-sdk-java/src/main/java/org/ovirt/engine/sdk/Api.java
M ovirt-engine-sdk-java/src/main/java/org/ovirt/engine/sdk/ApiBuilder.java
M
ovirt-engine-sdk-java/src/main/java/org/ovirt/engine/sdk/web/ConnectionsPoolBuilder.java
4 files changed, 141 insertions(+), 27 deletions(-)
Approvals:
Juan Hernandez: Verified; Looks good to me, approved
--
To view, visit http://gerrit.ovirt.org/33504
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Ide82e150a5b5b7e8ec9b83aa33c89f0c09656f99
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine-sdk-java
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Ravi Nori <rn...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
