7.2. Remote Authentication Using GSSAPI
In the context of Red Hat Enterprise Virtualization, remote authentication refers to authentication that is handled remotely from the Red Hat Enterprise Virtualization Manager. Remote authentication is used for user or API connections coming to the Manager from within an AD or IPA domain. The Red Hat Enterprise Virtualization Manager must be configured by an administrator using the rhevm-manage-domains
tool to be a part of an AD or IPA domain. This requires that the Manager be provided with credentials for an account from the AD or IPA directory server for the domain with sufficient privileges to join a system to the domain. After domains have been added, domain users can be authenticated by the Red Hat Enterprise Virtualization Manager against the directory server using a password. The Manager uses a framework called the Simple Authentication and Security Layer (SASL) which in turn uses the Generic Security Services Application Program Interface (GSSAPI) to securely verify the identity of a user, and ascertain the authorization level available to the user.