[libvirt-users] acceptable SASL mechanisms/can libvirt authenticate against PAM
Dave Allan
dallan at redhat.com
Wed Dec 14 17:39:13 UTC 2011
On Wed, Dec 14, 2011 at 11:07:13AM +0100, Josip Deanovic wrote:
> On Wednesday 2011-12-14, Josip Deanovic wrote:
> > On Wednesday 2011-12-14, Dave Allan wrote:
> > > I was playing with SASL authentication a bit today and I wasn't able
> > > to get libvirt to authenticate against PAM (or anything else except
> > > the sasldb, although I didn't try Kerberos). Does anybody know off
> > > the top of their head what mechanisms/password check options work?
> > > I'm trying to figure out if I'm attempting the impossible.
> > >
> > > Dave
> >
> > Hi Dave,
> >
> > Here is my working configuration with sql backend. I am using postgres.
> >
> > mech_list: digest-md5
> > pwcheck_method: auxprop
> > auxprop_plugin: sql
> > sql_engine: pgsql
> > sql_hostnames: localhost
> > sql_user: qemukvm
> > sql_passwd: secret
> > sql_database: qemukvmdb
> > sql_select: select password from qemuusers where username = '%u'
> >
> >
> > To make use of PAM as far as I know you will have to use saslauthd
> > method.
> >
> > And here is the list of relevant sasl options (I am not sure if it's up
> > to date): http://asyd.net/docs/cyrus-options.html
>
>
> Sorry, I was mistakenly referring to sasl authentication for vnc client with
> sasl support.
> However, this configuration might work with libvit with little or no
> modifications. However I never tried to authenticate to libvrit using sasl.
Good info nonetheless, thanks.
Dave
> --
> Josip Deanovic
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users at redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
More information about the libvirt-users
mailing list