[libvirt] Bug 736983 SSH GSSAPI login broken
Daniel P. Berrange
berrange at redhat.com
Mon Sep 12 13:57:18 UTC 2011
On Fri, Sep 09, 2011 at 03:03:44PM +0200, Matthias Witte wrote:
> Hi,
>
> after I upgraded from libvirt-0.9.0 I noticed that GSSAPIAuthentication for
> openssh was no longer working, I always ended up with the password prompt.
>
> stracing and debug logging on the server revealed that gssapi was never
> tried.
>
> Adding KRB5CCNAME to the ssh command's environment solved the problem.
>
> https://bugzilla.redhat.com/show_bug.cgi?id=736983
>
> I would like to propose the following patch:
>
> Index: libvirt-0.9.5-rc1/src/rpc/virnetsocket.c
> ===================================================================
> --- libvirt-0.9.5-rc1.orig/src/rpc/virnetsocket.c 2011-09-08 19:37:31.000000000 +0200
> +++ libvirt-0.9.5-rc1/src/rpc/virnetsocket.c 2011-09-08 19:37:54.000000000 +0200
> @@ -615,6 +615,7 @@
>
> cmd = virCommandNew(binary ? binary : "ssh");
> virCommandAddEnvPassCommon(cmd);
> + virCommandAddEnvPass(cmd, "KRB5CCNAME");
> virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
> virCommandAddEnvPass(cmd, "SSH_ASKPASS");
> virCommandAddEnvPass(cmd, "DISPLAY");
We should also pass through KRB5_KTNAME I believe
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|
More information about the libvir-list
mailing list