[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] Libvirt Auth



2010/3/3 Marco Mornati <mmornati byte-code com>:
>
>> Ah, the authentication callback is used for hypervisor level
>> authentication. You cannot provide credentials for SSH transport level
>> authentication through the libvirt API. You'll need to setup the SSL
>> certificates properly to enable automatic SSH login if you don't want
>> to be prompted for the SSH credentials.
>>
>> Matthias
>
> Ohh... ok... it's not really what I want (because I could have many
> different machines to configure).
> Reading to libvirt sources (the c file) it seams that auth callbacks
> should be used also for the ssh code (inside openSSHSession method):
>
> virConnectCredential creds[] = {
>            {VIR_CRED_PASSPHRASE, "password", "Password", NULL, NULL,
> 0},
>        };
>
>        if (!auth || !auth->cb) {
>            PHYP_ERROR(conn, VIR_ERR_AUTH_FAILED,
>                       "%s", _("No authentication callback provided."));
>            goto disconnect;
>        }
>
> maybe in some way it's possible to use ssh too with auth (I don't know
> but I want to try).
>
> Anyway, Matt, if I expose libvirt over tcp can I use it directly with
> provided callbacks?
>
> Thanks a lot
> Bye
> Marco
>

Don't mixup the internal of the IBM Power Hypervisor (phyp) driver and
the libvirt remote transport mechanisms. The phyp driver uses libssh2
internally and relies on the auth callback to let the user provide
credentials. This in not in any way related to the libvirt remote
transport mechanisms.

As I said before, the auth callback you can pass to virConnectOpenAuth
is not used for the libvirt SSH remote transport authentication. The
same it true for the TCP transport, it uses SASL for authentication by
default.

Matthias


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]