[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt-users] [Freeipa-users] libvirt with vnc freeipa



Hi Natxo,

On Fri, 2012-11-30 at 13:06 +0100, Natxo Asenjo wrote:
> hi,
> 
> I'm following the howto on
> http://freeipa.org/page/Libvirt_with_VNC_Consoles to authenticate
> users voor virsh with ipa.
> 
> I have it mostly working :-) except for the fact that libvirtd is not
> respecting the sasl_allowed_username_list parameter.
> 
> If I do not set it, and I have a realm ticket, then I may login virsh
> or virtual manager and I get tickets for libvirt/vnc services.
> 
> If I do set it, then it tells me the client is not in the whitelist,
> so I cannot log in :-)
> 
> 
> 2012-11-30 12:00:53.403+0000: 7786: error :
> virNetSASLContextCheckIdentity:146 : SASL client admin not allowed in
> whitelist
> 2012-11-30 12:00:53.403+0000: 7786: error :
> virNetSASLContextCheckIdentity:150 : Client's username is not on the
> list of allowed clients
> 2012-11-30 12:00:53.403+0000: 7786: error :
> remoteDispatchAuthSaslStep:2447 : authentication failed:
> authentication failed
> 2012-11-30 12:00:53.415+0000: 7781: error : virNetSocketReadWire:999 :
> End of file while reading data: Input/output error
> 
> Is this a question for the libvirt folks or is it ok to post it here?

Seem more like a libvirt or maybe even a cyrus-sasl question but I would
be interested in knowing what is going on.

Have you used a full principal name including the realm in the list, or
just the bare user names ?

CCing libvirt-users.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]