Bug 1044014
| Summary: | When SSSD is installed, libvirt configuration requires authentication, but not clear to user | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | james labocki <jlabocki> |
| Component: | libvirt | Assignee: | Libvirt Maintainers <libvirt-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | high | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 19 | CC: | berrange, clalancette, itamar, jforbes, jyang, laine, libvirt-maint, rjones, veillard, virt-maint |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | libguestfs-1.24.5-1.fc20 | Doc Type: | Bug Fix |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-01-08 21:01:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 910269 | ||
|
Description
james labocki
2013-12-17 15:38:37 UTC
The libguestfs code actually provides its own auth callback for prompting the user for credentials, so if it wants to print some leading text like "Authentication required to connect to libvirt" then I think it ought to be able todo that. The error message libvirt provides here is mostly inherited from the error message from SASL. I'm loathe to remove this data from SASL since it is sometimes important to have. Libvirt could however provide a specific error code VIR_ERR_AUTHENTICATION_FAILED to allow apps like libguestfs to identify authentication failures without having todo string matching, which would in turn let them display a friendlier error by default. guestfish/virt-tar-out use the libvirt virConnectAuthPtrDefault (default auth handler) function. See the function guestfs___open_libvirt_connection here, else clause: https://github.com/libguestfs/libguestfs/blob/master/src/libvirt-auth.c#L162 A simple change (to libvirt) would be for this handler to print a message saying that authentication is required for libvirt, since at the moment it's not clear who is asking for authentication for what. A VIR_ERR_AUTHENTICATION_FAILED error code would also be welcome. It's going to be hard to modify virConnectAuthPtrDefault because it is allocated statically and therefore it cannot access the current connection handle (eg. to print out the URI). Therefore I propose a workaround in libguestfs instead: https://www.redhat.com/archives/libguestfs/2014-January/msg00003.html However this is only compile tested. I can't test this with current libvirt because it is broken (bug 1047861). Since this is on a critical codepath I don't want to add this patch without proper testing. This is fixed/worked around in libguestfs 1.25.20. libguestfs will now print: libvirt needs authentication to connect to libvirt URI [uri here] (see also: http://libvirt.org/auth.html http://libvirt.org/uri.html) Enter username for [server]: libguestfs-1.24.5-1.fc20 has been submitted as an update for Fedora 20. https://admin.fedoraproject.org/updates/libguestfs-1.24.5-1.fc20 libguestfs-1.24.5-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report. |