Hi Juan, Thank you. It’s working now and I can continue to testing the broker. I’ll revert it as soon as possible.
Regards, Jose El 14/04/2014, a las 11:47, Juan Hernandez <jhern...@redhat.com> escribió: > On 04/11/2014 11:28 PM, Jose Manuel Marquez Alhambra wrote: >> Hi, >> >> I’m testing a connection broker that uses oVirt's API. At the moment, the >> connection broker doesn’t work because it doesn’t send the basic >> authentication to oVirt's API. I contacted the developers and they're >> investigating the error. While they solve the error, I would like to >> continue testing the connection broker. Is there any way to disable auth >> basic in oVirt's API? >> >> I’m using it in a testing environment (oVirt 3.4 at CentOS 6), so I’m not >> worried about security risks. >> >> Thank you. >> >> Regards, >> >> Jose > > > Disabling authentication is very bad practice, but if you really need to > you can use the web server configuration to automatically add the > required "Authorization" header: > > 1. Compute the basic authentication token from your user name and > password. For example, if your password if your user is "admin@internal" > and your possword is "abcdefg": > > # echo -n admin@internal:abcdefg | base64 > YWRtaW5AaW50ZXJuYWw6YWJjZGVmZw== > > 2. Use the mod_headers module to append the authorization header to all > the requests directed to the RESTAPI, creating a file > disable-restapi-auth.conf in the /etc/httpd/conf.d directory, with the > following content: > > <Location /ovirt-engine/api> > RequestHeader set Authorization "Basic YWRtaW5AaW50ZXJuYWw6YWJjZGVmZw==" > </Location> > > Make sure that this file is readable only by root, as it contains your > password: > > # chmod u=r,g=,o= /etc/httpd/conf.d/disable-restapi-auth.conf > > 3. Restart the web server: > > # service httpd restart > > To make this a little bit more secure I would suggest to allow this > unauthenticated access available only to certain client IP addresses. > For example: > > <Location /ovirt-engine/api> > SetEnvIf Remote_Addr 192\.168\.122\.1 Disable_Auth > RequestHeader set Authorization "Basic > YWRtaW5AaW50ZXJuYWw6cmVkaGF0MTIz" env=Disable_Auth > </Location> > > As I said this is a very bad setting from a security point of view, so > remember to revert it as soon as the broker developers fix the error. > > -- > Dirección Comercial: C/Jose Bardasano Baos, 9, Edif. Gorbea 3, planta > 3ºD, 28016 Madrid, Spain > Inscrita en el Reg. Mercantil de Madrid – C.I.F. B82657941 - Red Hat S.L. _______________________________________________ Users mailing list Users@ovirt.org http://lists.ovirt.org/mailman/listinfo/users