[libvirt-users] acceptable SASL mechanisms/can libvirt authenticate against PAM
Josip Deanovic
djosip at linuxpages.org
Wed Dec 14 10:07:13 UTC 2011
On Wednesday 2011-12-14, Josip Deanovic wrote:
> On Wednesday 2011-12-14, Dave Allan wrote:
> > I was playing with SASL authentication a bit today and I wasn't able
> > to get libvirt to authenticate against PAM (or anything else except
> > the sasldb, although I didn't try Kerberos). Does anybody know off
> > the top of their head what mechanisms/password check options work?
> > I'm trying to figure out if I'm attempting the impossible.
> >
> > Dave
>
> Hi Dave,
>
> Here is my working configuration with sql backend. I am using postgres.
>
> mech_list: digest-md5
> pwcheck_method: auxprop
> auxprop_plugin: sql
> sql_engine: pgsql
> sql_hostnames: localhost
> sql_user: qemukvm
> sql_passwd: secret
> sql_database: qemukvmdb
> sql_select: select password from qemuusers where username = '%u'
>
>
> To make use of PAM as far as I know you will have to use saslauthd
> method.
>
> And here is the list of relevant sasl options (I am not sure if it's up
> to date): http://asyd.net/docs/cyrus-options.html
Sorry, I was mistakenly referring to sasl authentication for vnc client with
sasl support.
However, this configuration might work with libvit with little or no
modifications. However I never tried to authenticate to libvrit using sasl.
--
Josip Deanovic
More information about the libvirt-users
mailing list