
Hi Natxo,

On Fri, 2012-11-30 at 13:06 +0100, Natxo Asenjo wrote:
hi,
I'm following the howto on http://freeipa.org/page/Libvirt_with_VNC_Consoles to authenticate users for virsh with ipa.
I have it mostly working :-) except for the fact that libvirtd is not respecting the sasl_allowed_username_list parameter.
If I do not set it, and I have a realm ticket, then I may login virsh or virtual manager and I get tickets for libvirt/vnc services.
If I do set it, then it tells me the client is not in the whitelist, so I cannot log in :-)
2012-11-30 12:00:53.403+0000: 7786: error : virNetSASLContextCheckIdentity:146 : SASL client admin not allowed in whitelist
2012-11-30 12:00:53.403+0000: 7786: error : virNetSASLContextCheckIdentity:150 : Client's username is not on the list of allowed clients
2012-11-30 12:00:53.403+0000: 7786: error : remoteDispatchAuthSaslStep:2447 : authentication failed: authentication failed
2012-11-30 12:00:53.415+0000: 7781: error : virNetSocketReadWire:999 : End of file while reading data: Input/output error
Is this a question for the libvirt folks or is it ok to post it here?

Seems more like a libvirt or maybe even a cyrus-sasl question but I would be interested in knowing what is going on.

Have you used a full principal name including the realm in the list, or just the bare user names?

CCing libvirt-users.

Simo.

--
Simo Sorce * Red Hat, Inc * New York