[virt-tools-list] libvirtd auth for qemu+ssh connections

Fernando Lozano fernando at lozano.eti.br
Wed Sep 18 14:10:51 UTC 2013


I asked this before but as it was mixed with another question on the
same message I guess nobody noticed:
>>> I am experimenting with different security settings for libvirtd, so
>>> I can give sysadmins administrative access to the KVM hypervisor
>>> without giving them root access on the host. I had success using TLS
>>> (with client-certs) and SASL, but have not managed to make polkit
>>> and ssh to work so far.
>>> If I change /etc/libvirt/libvirtd.conf auth_tcp or auth_unix_rw  a
>>> local virsh connection gets this error:
>>> "Authorization requires authentication but no agent is available"
>>> Thus  I'm using "sasl" for tcp and "none" for the unix socket.
What should I have for libvirtd polkit authentication? I'd like to use
regular user PAM passwords (either from local files or from LDAP). But I
only managed to get working the other options: no auth, client-cert
(TLS) or SASL digest-md5 own password database.

>>> When I try a "qemu+ssh" remote virsh connection evething works fine.
I found no auth configuration on /etc/libvirt/libvirtd.conf for ssh
connections. This means they are using unix sockets, like they were
local connections?

[]s, Fernando Lozano

More information about the virt-tools-list mailing list