Re: [libvirt] Bug 736983 SSH GSSAPI login broken
On Fri, Sep 09, 2011 at 03:03:44PM +0200, Matthias Witte wrote:
Hi,
after I upgraded from libvirt-0.9.0 I noticed that GSSAPIAuthentication for
openssh was no longer working, I always ended up with the password prompt.
stracing and debug logging on the server revealed that gssapi was never
tried.
Adding KRB5CCNAME to the ssh command's environment solved the problem.
https://bugzilla.redhat.com/show_bug.cgi?id=736983
I would like to propose the following patch:
Index: libvirt-0.9.5-rc1/src/rpc/virnetsocket.c
===================================================================
--- libvirt-0.9.5-rc1.orig/src/rpc/virnetsocket.c 2011-09-08 19:37:31.000000000
+0200
+++ libvirt-0.9.5-rc1/src/rpc/virnetsocket.c 2011-09-08 19:37:54.000000000 +0200
@@ -615,6 +615,7 @@
cmd = virCommandNew(binary ? binary : "ssh");
virCommandAddEnvPassCommon(cmd);
+ virCommandAddEnvPass(cmd, "KRB5CCNAME");
virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
virCommandAddEnvPass(cmd, "SSH_ASKPASS");
virCommandAddEnvPass(cmd, "DISPLAY");
We should also pass through KRB5_KTNAME I believe
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|