Re: [libvirt] Bug 736983 SSH GSSAPI login broken

12 Sep 2011

On Fri, Sep 09, 2011 at 03:03:44PM +0200, Matthias Witte wrote:
...
Hi,
after I upgraded from libvirt-0.9.0 I noticed that GSSAPIAuthentication for
openssh was no longer working, I always ended up with the password prompt.
stracing and debug logging on the server revealed that gssapi was never
tried.
Adding KRB5CCNAME to the ssh command's environment solved the problem.
https://bugzilla.redhat.com/show_bug.cgi?id=736983
I would like to propose the following patch:
Index: libvirt-0.9.5-rc1/src/rpc/virnetsocket.c
===================================================================

--- libvirt-0.9.5-rc1.orig/src/rpc/virnetsocket.c       2011-09-08 19:37:31.000000000 +0200
+++ libvirt-0.9.5-rc1/src/rpc/virnetsocket.c    2011-09-08 19:37:54.000000000 +0200
@@ -615,6 +615,7 @@
cmd = virCommandNew(binary ? binary : "ssh");
     virCommandAddEnvPassCommon(cmd);
+    virCommandAddEnvPass(cmd, "KRB5CCNAME");
     virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
     virCommandAddEnvPass(cmd, "SSH_ASKPASS");
     virCommandAddEnvPass(cmd, "DISPLAY");
We should also pass through KRB5_KTNAME I believe


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

    

Re: [libvirt] Bug 736983 SSH GSSAPI login broken

Daniel P. Berrange