Hi list,

I've been thinking and I think the right question is:
- about which is libvirt access to sasl, socket?
- which is transmitted?
and
- what is expected libvirt?

(e.g. shadow have no service/application assignment)


:) regards

Robyn




2012/1/18 Robyn Bachofer <r.bachofer@googlemail.com>
Hi list,

i have a problem with virt-manager authentication over tcp.


I tried it with virt-manager over non-TLS "TCP (SASL/Kerberos)" auth. and the sasl mechanism "shadow".
The user (tested with unprivileged user and root) is allready in the group libvirt(d) and the process is running as root.

The result on host:
Jan 18 21:05:31 host libvirtd: 21:05:31.620: error : remoteDispatchAuthSaslStep:3691 : sasl step failed -20 (SASL(-13): user not found: no secret in database)

on client (virt-manager gui):
...
('virtConnectOpenAuth() faild')
..


I have tested it with tool "testsaslauthd" and their result:
e.g.: # testsaslauthd -u root -p root
0: OK "Success."

When i set it manually with saslpasswd:
#  saslpasswd2 -a libvirt root -p
it works.

Although I use, in the configuration of sasl, shadow, libvirt does not use it (i think so).

Host:
debian6.0.3 (squeez)
libvirt 0.8.3 (deb)
sasl2.1.23 (deb)

:-)

Best regards,
Robyn