List: libvirt-users
Subject: [libvirt-users] How to tell spicy client to use SASL authentication?
From: mordenkainen <mordenkainen () zoho ! com>
Date: 2016-10-13 22:22:00
Message-ID: 20161014012200.00cf7ede () paladin
I'm using libvirt in a desktop environment: a single host machine, a pair of users, a few guest machines. My first thought was that a unix socket restricted to a specific group is just enough for authentication. But virsh has power like sudo: you could define a pool on a real device and write anything to it. So I decided to authenticate with a password for each virsh use. I'm using SASL + saslauthd + PAM for that case.

/etc/sasl2/libvirt.conf:
mech_list: PLAIN
pwcheck_method: saslauthd

/etc/sasl2/qemu.conf:
mech_list: PLAIN
pwcheck_method: saslauthd

/etc/pam.d/libvirt:
auth requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
auth required pam_tally2.so onerr=succeed
auth required pam_nologin.so
auth required pam_unix.so try_first_pass likeauth nullok
account requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
account required pam_nologin.so
account required pam_unix.so

/etc/pam.d/qemu:
auth requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
auth required pam_tally2.so onerr=succeed
auth required pam_nologin.so
auth required pam_unix.so try_first_pass likeauth nullok
account requisite pam_listfile.so item=group sense=allow file=/etc/libvirt/allow_group
account required pam_nologin.so
account required pam_unix.so

They are two identical configs for libvirt and for qemu. The first works flawlessly: virsh prompts for user and password and then logs me in to the shell.

But spicy fails. It prompts only for the password and fails after receiving it, leaving an error message in syslog:

Oct 13 23:24:21 paladin spicy[9001]: GSSAPI client step 1

What actions should I perform to get further debug information?