[Ovirt-devel] virt-viewer plugin integration issues
Perry N. Myers
pmyers at redhat.com
Fri Aug 22 03:43:45 UTC 2008
Looking for some design advice from you guys. Here's the situation.
We want to be able to run virt-viewer to connect to oVirt Node guests from
hosts that are not part of the kerberos infrastructure. From my looking
around it seems we have the following options:
1. enable digest-md5 as an auth mech and do user/pass auth and setup a
simple service account just for virt-viewer (using qemu+tcp connect
2. use qemu+ssh to connect to libvirt on the Node
1 doesn't seem to work presently since virt-viewer won't prompt you for
user/password if digest-md5 is a valid auth method (is that because
virConnectOpenReadOnly is used instead of virConnectOpenAuth?) And even
if it were modified to prompt for a password that would happen on a shell
which may not exist if you're launching firefox from a desktop icon. We'd
need a graphical prompt for the user/pass or the ability to pass the
password as part of the uri perhaps.
2 is problematic since we'd have to set up ssh keys at build time and
distribute them as part of the appliance. Key management that we've been
trying to avoid with all of this.
Either of you have any suggestions on where we should go with this. Short
term we need a solution (even if it is slightly hackish) just to make the
console work. Longer term we need something more secure.
Dan you mentioned just falling back and using straight vnc plugin since we
don't need the vnc port lookup since oVirt Server has that info. That
doesn't work for when Node is in standalone mode with no server... And
besides in standalone mode libvirt has to do digest-md5 since we have no
kerberos infrastructure in that mode.
Speaking of that... Alan, for your standalone Node patches we need to
switch libvirt from gssapi to digest-md5 and create an account for people
to use... that account creation should be part of the Node first-boot
configuration TUI probably (along with setting the root passwd).
|=- Red Hat, Engineering, Emerging Technologies, Boston -=|
|=- Email: pmyers at redhat.com -=|
|=- Office: +1 412 474 3552 Mobile: +1 703 362 9622 -=|
|=- GnuPG: E65E4F3D 88F9 F1C9 C2F3 1303 01FE 817C C5D2 8B91 E65E 4F3D -=|
More information about the ovirt-devel