Hello,
I've recently configured a new virtual machine host running Ubuntu 12.04 server with libvirt and KVM. I am configuring WebVirtMgr (https://github.com/retspen/webvirtmgr/) for users to manage machines via a web interface. This requires access to the host using qemu+tcp, which I have configured as follows:

/etc/default/libvirt-bin:
    start_libvirtd="yes"
    libvirtd_opts="-d -l"

/etc/libvirt/libvirtd.conf:
    listen_tls = 0
    listen_tcp = 1
    unix_sock_group = "libvirtd"
    unix_sock_rw_perms = "0770"
    auth_unix_ro = "none"
    auth_unix_rw = "none"
    auth_tcp = "sasl"

The libvirt documentation (http://libvirt.org/auth.html) does not specify if it is possible to use SASL with a different authentication method other than DIGEST-MD5. I would like to authenticate users via LDAP - is this possible? I configured LDAP authentication via SASL as follows:

/etc/sasl2/libvirt.conf:
    pwcheck_method: saslauthd
    mech_list: PLAIN LOGIN
    log_level: 5
    saslauthd_path: /var/run/saslauthd/mux
    auxprop_plugin: ldap

/etc/saslauthd.conf:
    ldap_servers: ldap://ldap_ip_addr:389/
    ldap_search_base: ou=People,dc=x-es,dc=com
    ldap_auth_method: none
    ldap_filter: uid=%u
    ldap_version: 3

/etc/default/saslauthd:
    START=yes
    DESC="SASL Authentication Daemon"
    NAME="saslauthd"
    MECHANISMS="ldap"
    MECH_OPTIONS=""
    THREADS=5
    OPTIONS="-O /etc/saslauthd.conf -c -m /var/run/saslauthd -r"

Testing the configuration works:

    # testsaslauthd -u myuser -p mypass
    0: OK "Success."

However, if I attempt to connect over the libvirt TCP connection I am denied:

    virsh -c qemu+tcp://my_vm_host/system nodeinfo
    error: authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: )
    error: failed to connect to the hypervisor

Do you know what is incorrect in my libvirt config, or is it not possible to authenticate libvirt via SASL+LDAP? If not, is there somewhere that documents all of the supported mechanisms?
Thanks,
Andrew Martin
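
A static check of the settings quoted in this message, as an added example that is not part of the original post or of libvirt: it flags SASL mechanisms that carry the password unprotected and negotiate no session encryption (PLAIN, LOGIN) when they are offered on the unencrypted listen_tcp socket, and an ldap:// back end used without StartTLS. The function names and finding labels are assumptions made for this example.

```python
# Added example (not from the original message): audit the quoted settings.
# Function names and finding labels are hypothetical, chosen for this example.

# SASL mechanisms that neither protect the password nor encrypt the session.
CLEARTEXT_MECHS = {"PLAIN", "LOGIN", "ANONYMOUS"}

def parse_conf(text, sep):
    """Parse 'key<sep>value' lines, ignoring blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or sep not in line:
            continue
        key, value = line.split(sep, 1)
        conf[key.strip()] = value.strip().strip('"')
    return conf

def audit(libvirtd_text, sasl_text, saslauthd_text=""):
    lv = parse_conf(libvirtd_text, "=")
    sasl = parse_conf(sasl_text, ":")
    ldap = parse_conf(saslauthd_text, ":")
    findings = []
    # listen_tcp opens the unencrypted socket; it is off unless set to 1.
    if lv.get("listen_tcp", "0") == "1":
        mechs = set(sasl.get("mech_list", "").upper().split())
        if lv.get("auth_tcp") == "none":
            findings.append("TCP_WITHOUT_AUTH")
        elif mechs:
            weak = sorted(mechs & CLEARTEXT_MECHS)
            if weak:
                findings.append("CLEARTEXT_MECH_ON_TCP:" + ",".join(weak))
            if not mechs - CLEARTEXT_MECHS:
                findings.append("NO_ENCRYPTING_MECH_FOR_TCP")
    # saslauthd forwards the password to LDAP; ldap:// without the
    # ldap_start_tls option leaves that bind unencrypted.
    servers = ldap.get("ldap_servers", "")
    if servers.startswith("ldap://") and ldap.get("ldap_start_tls", "no") != "yes":
        findings.append("LDAP_BIND_UNENCRYPTED")
    return findings

# Settings copied from the message above.
LIBVIRTD = 'listen_tls = 0\nlisten_tcp = 1\nauth_tcp = "sasl"\n'
SASL = "pwcheck_method: saslauthd\nmech_list: PLAIN LOGIN\n"
SASLAUTHD = "ldap_servers: ldap://ldap_ip_addr:389/\nldap_version: 3\n"

if __name__ == "__main__":
    for finding in audit(LIBVIRTD, SASL, SASLAUTHD):
        print(finding)
```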