Re: [virt-tools-list] TLS authentification



On Thursday 01 October 2009 at 15:02 +0200, Daniel Huhardeaux wrote:
> Daniel Berteaud wrote:
> > On Thursday 01 October 2009 at 14:03 +0200, Daniel Huhardeaux wrote:
> 
> [...]
> 
> >> On the client, it's another story. All certificates need to be located in 
> >> /etc/pki/[CA|libvirt] directories. Ok, can be. But other problem is with 
> >> the file names, which are cacert.pem, clientcert.pem and clientkey.pem
> >>
> >> How to get them renamed as I have 2 servers to connect on :-( ? At this 
> >> time I use same certs for both of them but that's not a solution.
> > 
> > I had the same problem, so for now, I've switched to SSH instead of TLS
> > (as I can manage different keys for different servers and automatically
> > choose the good one in .ssh/config).
> 
> But with ssh you need to accept root connections, I can't agree with that.

No, you don't need root access. Just configure the rw socket of libvirt with
770 permissions (in libvirtd.conf), then create an unprivileged user and
put him in the libvirt group. Now you can connect to libvirt through SSH
using this user (in virt-manager, use user@host syntax instead of just
host).

Regards

> 
> > But it'd be great to be able to
> > specify CA, cert and key files on a per connection basis when adding a
> > new connection using TLS. We should also be able to specify certs files
> > for VNC connections (also on a per connection basis)
> 
> Same here ;-)
-- 
Daniel Berteaud
FIREWALL-SERVICES SARL.
Free Software Services Company
Technopôle Montesquieu
33650 MARTILLAC
Tel : 05 56 64 15 32
Fax : 05 56 64 15 32
Mail: daniel firewall-services com
Web : http://www.firewall-services.com
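
Added example, not part of the original message: a small shell audit of the setup described in the reply above, checking that libvirtd.conf hands the read-write socket to a group and grants nothing to other users. The keys `unix_sock_group` and `unix_sock_rw_perms` are libvirtd.conf settings; the sample files are constructed, and the user `vmadmin` and host `kvm1.example.org` are hypothetical.

```shell
#!/bin/sh
# Audit libvirtd.conf for a group-restricted read-write socket (mode 0770),
# so an unprivileged SSH user in that group can manage libvirt without root.

# conf_value FILE KEY: print the last uncommented value of KEY, unquoted.
conf_value() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }
        { k = $1; gsub(/[ \t]/, "", k) }
        k == key { v = $2; sub(/#.*/, "", v); gsub(/[ \t"]/, "", v); val = v }
        END { print val }' "$1"
}

# audit_rw_socket FILE: return 0 only if the rw socket is handed to a group
# and its mode grants nothing to "other" users.
audit_rw_socket() {
    group=$(conf_value "$1" unix_sock_group)
    perms=$(conf_value "$1" unix_sock_rw_perms)
    [ -n "$group" ] || { echo "FAIL: unix_sock_group is not set"; return 1; }
    [ -n "$perms" ] || { echo "FAIL: unix_sock_rw_perms is not set explicitly"; return 1; }
    other=${perms#"${perms%?}"}        # last octal digit = bits for "other"
    [ "$other" = 0 ] || { echo "FAIL: mode $perms lets non-members reach the rw socket"; return 1; }
    echo "OK: rw socket restricted to group $group (mode $perms)"
}

# Constructed sample configs: the restricted setup and a world-accessible one.
good=$(mktemp); bad=$(mktemp)
cat > "$good" <<'EOF'
# libvirtd.conf (constructed sample)
unix_sock_group = "libvirt"
unix_sock_rw_perms = "0770"
EOF
cat > "$bad" <<'EOF'
unix_sock_group = "libvirt"
#unix_sock_rw_perms = "0770"
unix_sock_rw_perms = "0777"
EOF

audit_rw_socket "$good"
audit_rw_socket "$bad" || true
rm -f "$good" "$bad"

# A member of the group then connects without root, for example:
#   virsh -c qemu+ssh://vmadmin@kvm1.example.org/system list
```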