10:07 p.m.
Hi list,
i have a problem with virt-manager authentication over tcp.
I tried it with virt-manager over non-TLS "TCP (SASL/Kerberos)" auth. and
the sasl mechanism "shadow".
The user (tested with unprivileged user and root) is allready in the group
libvirt(d) and the process is running as root.
The result on host:
Jan 18 21:05:31 host libvirtd: 21:05:31.620: error :
remoteDispatchAuthSaslStep:3691 : sasl step failed -20 (SASL(-13): user not
found: no secret in database)
on client (virt-manager gui):
...
('virtConnectOpenAuth() faild')
..
I have tested it with tool "testsaslauthd" and their result:
e.g.: # testsaslauthd -u root -p root
0: OK "Success."
When i set it manually with saslpasswd:
# saslpasswd2 -a libvirt root -p
it works.
Although I use, in the configuration of sasl, shadow, libvirt does not use
it (i think so).
Host:
debian6.0.3 (squeez)
libvirt 0.8.3 (deb)
sasl2.1.23 (deb)
:-)
Best regards,
Robyn
12:55 a.m.
Hi list,
I've been thinking and I think the right question is:
- about which is libvirt access to sasl, socket?
- which is transmitted?
and
- what is expected libvirt?
(e.g. shadow have no service/application assignment)
:) regards
Robyn
2012/1/18 Robyn Bachofer <r.bachofer(a)googlemail.com>
Hi list,
i have a problem with virt-manager authentication over tcp.
I tried it with virt-manager over non-TLS "TCP (SASL/Kerberos)" auth. and
the sasl mechanism "shadow".
The user (tested with unprivileged user and root) is allready in the group
libvirt(d) and the process is running as root.
The result on host:
Jan 18 21:05:31 host libvirtd: 21:05:31.620: error :
remoteDispatchAuthSaslStep:3691 : sasl step failed -20 (SASL(-13): user not
found: no secret in database)
on client (virt-manager gui):
...
('virtConnectOpenAuth() faild')
..
I have tested it with tool "testsaslauthd" and their result:
e.g.: # testsaslauthd -u root -p root
0: OK "Success."
When i set it manually with saslpasswd:
# saslpasswd2 -a libvirt root -p
it works.
Although I use, in the configuration of sasl, shadow, libvirt does not use
it (i think so).
Host:
debian6.0.3 (squeez)
libvirt 0.8.3 (deb)
sasl2.1.23 (deb)
:-)
Best regards,
Robyn
2:40 a.m.
On Fri, Jan 20, 2012 at 12:55:09AM +0100, Robyn Bachofer wrote:
Hi list,
I've been thinking and I think the right question is:
- about which is libvirt access to sasl, socket?
- which is transmitted?
and
- what is expected libvirt?
(e.g. shadow have no service/application assignment)
I'm not sure I understand your question, can you explain?
Dave
:) regards
Robyn
2012/1/18 Robyn Bachofer <r.bachofer(a)googlemail.com>
> Hi list,
>
> i have a problem with virt-manager authentication over tcp.
>
>
> I tried it with virt-manager over non-TLS "TCP (SASL/Kerberos)" auth. and
> the sasl mechanism "shadow".
> The user (tested with unprivileged user and root) is allready in the group
> libvirt(d) and the process is running as root.
>
> The result on host:
> Jan 18 21:05:31 host libvirtd: 21:05:31.620: error :
> remoteDispatchAuthSaslStep:3691 : sasl step failed -20 (SASL(-13): user not
> found: no secret in database)
>
> on client (virt-manager gui):
> ...
> ('virtConnectOpenAuth() faild')
> ..
>
>
> I have tested it with tool "testsaslauthd" and their result:
> e.g.: # testsaslauthd -u root -p root
> 0: OK "Success."
>
> When i set it manually with saslpasswd:
> # saslpasswd2 -a libvirt root -p
> it works.
>
> Although I use, in the configuration of sasl, shadow, libvirt does not use
> it (i think so).
>
> Host:
> debian6.0.3 (squeez)
> libvirt 0.8.3 (deb)
> sasl2.1.23 (deb)
>
> :-)
>
> Best regards,
> Robyn
>
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
8:01 a.m.
The tool for testing SASL-Authentication "testsaslauthd" uses sockets:
strace:
socket(PF_FILE, SOCK_STREAM, 0) = 3
connect(3, {sa_family=AF_FILE, path="/var/run/saslauthd/mux"}, 110) = 0
writev(3, [{"\0\4root\0\4root\0\4imap\0\0", 20}], 1) = 20
read(3, "\0\2", 2) = 2
read(3, "OK", 2)
and it is successfully (whatever service is set [-s servicename] or without
-s).
But how it makes libvirt? I can't trace it and i don't see it in
source-code of remote.c/h
understandable?
2012/1/20 Dave Allan <dallan(a)redhat.com>
On Fri, Jan 20, 2012 at 12:55:09AM +0100, Robyn Bachofer wrote:
> Hi list,
>
> I've been thinking and I think the right question is:
> - about which is libvirt access to sasl, socket?
> - which is transmitted?
> and
> - what is expected libvirt?
>
> (e.g. shadow have no service/application assignment)
I'm not sure I understand your question, can you explain?
Dave
> :) regards
>
> Robyn
>
>
>
>
> 2012/1/18 Robyn Bachofer <r.bachofer(a)googlemail.com>
>
> > Hi list,
> >
> > i have a problem with virt-manager authentication over tcp.
> >
> >
> > I tried it with virt-manager over non-TLS "TCP (SASL/Kerberos)"
auth.
and
> > the sasl mechanism "shadow".
> > The user (tested with unprivileged user and root) is allready in the
group
> > libvirt(d) and the process is running as root.
> >
> > The result on host:
> > Jan 18 21:05:31 host libvirtd: 21:05:31.620: error :
> > remoteDispatchAuthSaslStep:3691 : sasl step failed -20 (SASL(-13):
user not
> > found: no secret in database)
> >
> > on client (virt-manager gui):
> > ...
> > ('virtConnectOpenAuth() faild')
> > ..
> >
> >
> > I have tested it with tool "testsaslauthd" and their result:
> > e.g.: # testsaslauthd -u root -p root
> > 0: OK "Success."
> >
> > When i set it manually with saslpasswd:
> > # saslpasswd2 -a libvirt root -p
> > it works.
> >
> > Although I use, in the configuration of sasl, shadow, libvirt does not
use
> > it (i think so).
> >
> > Host:
> > debian6.0.3 (squeez)
> > libvirt 0.8.3 (deb)
> > sasl2.1.23 (deb)
> >
> > :-)
> >
> > Best regards,
> > Robyn
> >
> _______________________________________________
> libvirt-users mailing list
> libvirt-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
4623
days inactive
4625
days old
3 comments
2 participants
participants (2)
-
Dave Allan -
Robyn Bachofer