[libvirt] Bug 736983 SSH GSSAPI login broken

Mon Sep 12 13:57:18 UTC 2011

On Fri, Sep 09, 2011 at 03:03:44PM +0200, Matthias Witte wrote:
> Hi,
> 
> after I upgraded from libvirt-0.9.0 I noticed that GSSAPIAuthentication for
> openssh was no longer working, I always ended up with the password prompt.
> 
> stracing and debug logging on the server revealed that gssapi was never
> tried.
> 
> Adding KRB5CCNAME to the ssh command's environment solved the problem.
> 
> https://bugzilla.redhat.com/show_bug.cgi?id=736983
> 
> I would like to propose the following patch:
> 
> Index: libvirt-0.9.5-rc1/src/rpc/virnetsocket.c
> ===================================================================
> --- libvirt-0.9.5-rc1.orig/src/rpc/virnetsocket.c       2011-09-08 19:37:31.000000000 +0200
> +++ libvirt-0.9.5-rc1/src/rpc/virnetsocket.c    2011-09-08 19:37:54.000000000 +0200
> @@ -615,6 +615,7 @@
>  
>      cmd = virCommandNew(binary ? binary : "ssh");
>      virCommandAddEnvPassCommon(cmd);
> +    virCommandAddEnvPass(cmd, "KRB5CCNAME");
>      virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
>      virCommandAddEnvPass(cmd, "SSH_ASKPASS");
>      virCommandAddEnvPass(cmd, "DISPLAY");

We should also pass through KRB5_KTNAME I believe


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|