Red Hat Summit Red Hat SummitSupportConsoleDéveloppeursCommencer un essaiContact

Ce contenu n'est pas disponible dans la langue sélectionnée.

4.2. Configuring Single Sign-On for Virtual Machines

Configuring single sign-on, also known as password delegation, allows you to automatically log in to a virtual machine using the credentials you use to log in to the VM Portal. Single sign-on can be used on both Red Hat Enterprise Linux and Windows virtual machines.

Note

Single sign-on is not supported for virtual machines running Red Hat Enterprise Linux 8.0.

Important

If single sign-on to the VM Portal is enabled, single sign-on to virtual machines will not be possible. With single sign-on to the VM Portal enabled, the VM Portal does not need to accept a password, thus the password cannot be delegated to sign in to virtual machines.

To configure single sign-on for Red Hat Enterprise Linux virtual machines using GNOME and KDE graphical desktop environments and IPA (IdM) servers, you must install the ovirt-guest-agent package on the virtual machine and install the packages associated with your window manager.

Important

The following procedure assumes that you have a working IPA configuration and that the IPA domain is already joined to the Manager. You must also ensure that the clocks on the Manager, the virtual machine and the system on which IPA (IdM) is hosted are synchronized using NTP.

Note

Single sign-on with IPA (IdM) is deprecated for virtual machines running Red Hat Enterprise Linux version 7 or earlier and unsupported for virtual machines running Red Hat Enterprise Linux 8 or Windows operating systems.

Configuring Single Sign-On for Red Hat Enterprise Linux Virtual Machines

  1. Log in to the Red Hat Enterprise Linux virtual machine.

  2. Enable the repository:

    • For Red Hat Enterprise Linux 6: 

      # subscription-manager repos --enable=rhel-6-server-rhv-4-agent-rpms
      Copy to Clipboard Toggle word wrap

    • For Red Hat Enterprise Linux 7: 

      # subscription-manager repos --enable=rhel-7-server-rh-common-rpms
      Copy to Clipboard Toggle word wrap

  3. Download and install the guest agent, single sign-on, and IPA packages: 

    # yum install ovirt-guest-agent-common ovirt-guest-agent-pam-module ovirt-guest-agent-gdm-plugin ipa-client
    Copy to Clipboard Toggle word wrap

  4. Run the following command and follow the prompts to configure ipa-client and join the virtual machine to the domain: 

    # ipa-client-install --permit --mkhomedir
    Copy to Clipboard Toggle word wrap
    Note

    In environments that use DNS obfuscation, this command should be: 

    # ipa-client-install --domain=FQDN --server=FQDN
    Copy to Clipboard Toggle word wrap

  5. For Red Hat Enterprise Linux 7.2 and later: 

    # authconfig --enablenis --update
    Copy to Clipboard Toggle word wrap
    Note

    Red Hat Enterprise Linux 7.2 has a new version of the System Security Services Daemon (SSSD), which introduces configuration that is incompatible with the Red Hat Virtualization Manager guest agent single sign-on implementation. This command ensures that single sign-on works.

  6. Fetch the details of an IPA user: 

    # getent passwd ipa-user
    Copy to Clipboard Toggle word wrap

  7. Record the IPA user’s UID and GID: 

    ipa-user:*:936600010:936600001::/home/ipa-user:/bin/sh
    Copy to Clipboard Toggle word wrap

  8. Create a home directory for the IPA user: 

    # mkdir /home/ipa-user
    Copy to Clipboard Toggle word wrap

  9. Assign ownership of the directory to the IPA user: 

    # chown 936600010:936600001 /home/ipa-user
    Copy to Clipboard Toggle word wrap

Log in to the VM Portal using the user name and password of a user configured to use single sign-on and connect to the console of the virtual machine. You will be logged in automatically.

4.2.2. Configuring single sign-on for Windows virtual machines
Copier lien

To configure single sign-on for Windows virtual machines, the Windows guest agent must be installed on the guest virtual machine. The virtio-win ISO image provides this agent. If the virtio-win_version.iso image is not available in your storage domain, contact your system administrator.

Procedure

  1. Select the Windows virtual machine. Ensure the machine is powered up.
  2. On the virtual machine, locate the CD drive and open the CD.
  3. Launch virtio-win-guest-tools.
  4. Click Options
  5. Select Install oVirt Guest Agent.
  6. Click OK.
  7. Click Install.
  8. When the installation completes, you are prompted to restart the machine to apply the changes.

Log in to the VM Portal using the user name and password of a user configured to use single sign-on and connect to the console of the virtual machine. You will be logged in automatically.

4.2.3. Disabling Single Sign-on for Virtual Machines
Copier lien

The following procedure explains how to disable single sign-on for a virtual machine.

Disabling Single Sign-On for Virtual Machines

  1. Select a virtual machine and click Edit.
  2. Click the Console tab.
  3. Select the Disable Single Sign On check box.
  4. Click OK.
Retour au début
Red Hat logoGithubredditYoutubeTwitter

Apprendre

Essayez, achetez et vendez

Communautés

À propos de la documentation Red Hat

Nous aidons les utilisateurs de Red Hat à innover et à atteindre leurs objectifs grâce à nos produits et services avec un contenu auquel ils peuvent faire confiance. Découvrez nos récentes mises à jour.

Rendre l’open source plus inclusif

Red Hat s'engage à remplacer le langage problématique dans notre code, notre documentation et nos propriétés Web. Pour plus de détails, consultez le Blog Red Hat.

À propos de Red Hat

Nous proposons des solutions renforcées qui facilitent le travail des entreprises sur plusieurs plates-formes et environnements, du centre de données central à la périphérie du réseau.

Theme

© 2025 Red Hat