
Re: [libvirt] login and password in connection string for vmware hypervisors...



2011/3/8 john alexander sanabria ordonez <john sanabria correounivalle edu co>:
> Hi,
>
> I want to submit commands against a VMWare hypervisor via virsh in a
> non-interactive way. I can connect to my [remote] hypervisor via virsh as
> follows:
>
> virsh -c gsx://ic-p19-01?no_verify=1
>
> then, it asks me for login and [root] password and I'm in.
> What mechanism can be used to submit commands, e.g. virsh -c
> gsx://localhost?no_verify list --all, with no password at all? A modified
> version of the connection string is required? what is the structure of that
> connection string? Additional parameters to the 'virsh' command?
>
> Thank you,
>

Currently that's an unsolved problem. The connection string is
considered to be public information, and libvirt doesn't support
passing secret information like a password via the connection string
because of this. That's the reason why only

virsh -c gsx://root@ic-p19-01?no_verify=1

is supported, but the following isn't

virsh -c gsx://root:password@ic-p19-01?no_verify=1

VMware ESX supports login via SSPI pass-through authentication. This
allows you to log in to an ESX server using your already authenticated
Windows session. The problem with SSPI is that it's Windows specific
and requires a domain controller, as far as I have understood it.

For non-Windows systems there is login via username and password only.
Currently libvirt supports passing the username in the connection
string only. There is no mechanism to automatically pass the password
as well, yet.

One possibility could be to store the password in plaintext in your
home directory. For example in ~/.libvirt/credentials or maybe more
specific to the ESX driver as in ~/.libvirt/esx/credentials. The
format of the file could look like this

# <challenge>:<username>:<password>
ic-p19-01:root:password
192.168.5.10:root:f00baR

But storing passwords in plaintext isn't such a good idea. On the
other hand I don't see other options for automated login.

Matthias
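
The file format proposed above, as an added example that is not part of the original post and not libvirt code: a Python loader that only reads the file if it is a regular file owned by the current user with no group or other permission bits set. `load_credentials`, `write_sample` and `CredentialsError` are hypothetical names, and the sample entries are the ones from the post.

```python
import os
import stat
import tempfile


class CredentialsError(Exception):
    """Raised when the credentials file is unsafe or malformed."""


def load_credentials(path):
    """Parse '<challenge>:<username>:<password>' lines into a dict keyed by
    (challenge, username). Refuses files that other users could access."""
    # Open first, then fstat the descriptor, so the checks apply to the file
    # actually read (no check-then-open race). O_NOFOLLOW rejects symlinks.
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    with os.fdopen(fd, "r", encoding="utf-8") as fh:
        st = os.fstat(fh.fileno())
        if not stat.S_ISREG(st.st_mode):
            raise CredentialsError("not a regular file")
        if st.st_uid != os.geteuid():
            raise CredentialsError("file is not owned by the current user")
        if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            raise CredentialsError("group/other permissions set; use chmod 600")
        creds = {}
        for lineno, line in enumerate(fh, 1):
            line = line.rstrip("\n")
            if not line.strip() or line.lstrip().startswith("#"):
                continue  # blank line or comment
            # Split on the first two colons only: a password may contain ':'.
            # Limitation of the format: the challenge itself cannot.
            parts = line.split(":", 2)
            if len(parts) != 3 or not parts[0] or not parts[1]:
                # Report the line number only, never the line content.
                raise CredentialsError(f"malformed entry on line {lineno}")
            creds[(parts[0], parts[1])] = parts[2]
        return creds


def write_sample(mode):
    """Write the sample entries from the post to a temp file with `mode`."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("# <challenge>:<username>:<password>\n"
                 "ic-p19-01:root:password\n"
                 "192.168.5.10:root:f00baR\n")
    os.chmod(path, mode)
    return path
```

The permission check narrows who can read the plaintext file; it does not protect the password from anything running as the same user or from backups of the home directory.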

