On 12/06/2012 02:53 AM, yupzhang wrote: > HI Eric, > > I have a question about remote access and usermode: > > 1.Install a host with graphic,and then configure libvirt environment. > > 2.Login with non-root user.Then run: > $ virsh -c qemu:///system > Authenticate dialogue will pop up,input the root password,then > successfully connect qemu:///system. > > 3.On another host,connect the host in step 1 with ssh like this: > #ssh -X yuping(a)10.66.*.* > input yuping's password.Then ssh to remote yuping user successfully. > > 4.Run command: > $ virsh -c qemu:///system > error: authentication failed: Authorization requires authentication but > no agent is available. > > error: failed to connect to the hypervisor > > Is this a bug? I'm not sure about this,so confirm with you. Questions like this are better asked to the libvirt-users(a)redhat.com list, where there are more people available to answer the question. This particular email nearly got lost in the black hole of a hard disk failure on my end last week. Does the failure also happen when you use 'ssh -A -X' and/or 'ssh -Y' instead of plain 'ssh -X'? I suspect that this is an expected limitation of how polkit authentication works, where a local user can be trusted to provide the credentials needed, but where an ssh session is not a local user; but as I am not very familiar with the libvirt code that interacts with polkit, I recommend that you ask the list.

> In my opinion,this command should connect qemu:///system successfully > with input root password,even with ssh connect to non-root user,the > behaviour should keep same.Am I right? Authentication is a tricky matter - there is a difference between a local user and a user connected through ssh, at least in the eyes of polkit authentication, and I don't know if the behavior you observe is intentional or a bug.