libvirtd auth for qemu+ssh connections
Fernando Lozano
fernando at lozano.eti.br
Wed Sep 18 14:10:51 UTC 2013
Hi,
I asked this before but as it was mixed with another question on the
same message I guess nobody noticed:
>>> I am experimenting with different security settings for libvirtd, so
>>> I can give sysadmins administrative access to the KVM hypervisor
>>> without giving them root access on the host. I had success using TLS
>>> (with client-certs) and SASL, but have not managed to make polkit
>>> and ssh to work so far.
>>>
>>> If I change /etc/libvirt/libvirtd.conf auth_tcp or auth_unix_rw a
>>> local virsh connection gets this error:
>>>
>>> "Authorization requires authentication but no agent is available"
>>>
>>> Thus I'm using "sasl" for tcp and "none" for the unix socket.
What should I have for libvirtd polkit authentication? I'd like to use
regular user PAM passwords (either from local files or from LDAP). But I
only managed to get working the other options: no auth, client-cert
(TLS) or SASL digest-md5 own password database.
>>> When I try a "qemu+ssh" remote virsh connection evething works fine.
I found no auth configuration on /etc/libvirt/libvirtd.conf for ssh
connections. This means they are using unix sockets, like they were
local connections?
[]s, Fernando Lozano
More information about the users
mailing list