[libvirt] Libvirt Auth

Matthias Bolte matthias.bolte at googlemail.com
Wed Mar 3 21:47:53 UTC 2010


2010/3/3 Marco Mornati <mmornati at byte-code.com>:
>
>> Ah, the authentication callback is used for hypervisor level
>> authentication. You cannot provide credentials for SSH transport level
>> authentication through the libvirt API. You'll need to set up the SSL
>> certificates properly to enable automatic SSH login if you don't want
>> to be prompted for the SSH credentials.
>>
>> Matthias
>
> Ohh... ok... it's not really what I want (because I could have many
> different machines to configure).
> Reading the libvirt sources (the C file) it seems that auth callbacks
> should be used also for the ssh code (inside openSSHSession method):
>
> virConnectCredential creds[] = {
>            {VIR_CRED_PASSPHRASE, "password", "Password", NULL, NULL, 0},
>        };
>
>        if (!auth || !auth->cb) {
>            PHYP_ERROR(conn, VIR_ERR_AUTH_FAILED,
>                       "%s", _("No authentication callback provided."));
>            goto disconnect;
>        }
>
> maybe in some way it's possible to use ssh too with auth (I don't know
> but I want to try).
>
> Anyway, Matt, if I expose libvirt over tcp can I use it directly with
> provided callbacks?
>
> Thanks a lot
> Bye
> Marco
>

Don't mix up the internals of the IBM Power Hypervisor (phyp) driver and
the libvirt remote transport mechanisms. The phyp driver uses libssh2
internally and relies on the auth callback to let the user provide
credentials. This is not in any way related to the libvirt remote
transport mechanisms.

As I said before, the auth callback you can pass to virConnectOpenAuth
is not used for the libvirt SSH remote transport authentication. The
same is true for the TCP transport; it uses SASL for authentication by
default.

Matthias
