Bug 1345743

Summary: SASL authentication failed to create client context when connecting to libvirt daemon
Product: Red Hat Enterprise Linux 7 Reporter: Dan Zheng <dzheng>
Component: libvirtAssignee: Ján Tomko <jtomko>
Status: CLOSED ERRATA QA Contact: Virtualization Bugs <virt-bugs>
Severity: high Docs Contact:
Priority: high    
Version: 7.3CC: dyuan, dzheng, fjin, gsun, hhan, jtomko, lcheng, mzhan, rbalakri, yafu, ybronhei
Target Milestone: rcKeywords: Regression, TestBlocker
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: libvirt-2.0.0-1.el7 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-03 18:46:50 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1344890    

Description Dan Zheng 2016-06-13 06:24:54 UTC 
Description of problem:
SASL authentication failed to create client context. It does not happened with libvirt-1.3.4-1.el7.x86_64


Version-Release number of selected component:
libvirt-1.3.5-1.el7.x86_64
qemu-kvm-rhev-2.6.0-5.el7.x86_64
kernel-3.10.0-349.el7.x86_64

How reproducible:
100%

Steps to reproduce:
1. add auth_unix_rw="sasl" in the /etc/libvirt/libvirtd.conf
   add sasl user:
  #echo redhat | saslpasswd2 -p -a libvirt redhat

2. add auth.conf file in the /etc/libvirtd/
# cat /etc/libvirt/auth.conf
[credentials-sasl]
authname=test
password=redhat123
[auth-libvirt-localhost]
credentials=sasl

3. restart libvirtd
systemctl restart libvirtd

4. run virsh cmd
# virsh  -c qemu+unix:///system list
error: failed to connect to the hypervisor
error: authentication failed: Failed to create SASL client context: -7 (invalid parameter supplied)
----------------------------------------------------

Actual results:
See step 4.

Expected results:
Can succeed to connect libvirt daemon.

Additional information:
Comment 2 Han Han 2016-06-16 10:30:07 UTC 
The bug blocks vdsm being registered to RHEVM
Comment 4 Ján Tomko 2016-06-20 12:13:02 UTC 
*** Bug 1346371 has been marked as a duplicate of this bug. ***
Comment 5 Ján Tomko 2016-06-20 14:33:25 UTC 
Upstream patches:
https://www.redhat.com/archives/libvir-list/2016-June/msg01272.html
Comment 6 Ján Tomko 2016-06-23 20:43:41 UTC 
Pushed as:
commit 0f7eeb20ad92962f7d2fbf113bfde67b9abe2e44
Author:     Ján Tomko <jtomko>
CommitDate: 2016-06-23 22:15:06 +0200

    Revert "virnetsocket: Provide socket address format in a more standard form"

git describe: v1.3.5-415-g0f7eeb2
Comment 8 yafu 2016-07-25 09:51:03 UTC 
Reproduced with libvirt-1.3.5-1.el7.x86_64.
steps:
1.Add auth_unix_rw="sasl" in the /etc/libvirt/libvirtd.conf
   add sasl user:
  #echo redhat | saslpasswd2 -p -a libvirt redhat

2.Restart libvirtd service:
 #systemctl restart libvirtd

3.#virsh -c qemu+unix:///system
 error: failed to connect to the hypervisor
error: authentication failed: Failed to create SASL client context: -7 (invalid parameter supplied)


Verify pass with libvirt-2.0.0-3.el7.x86_64.
1.Do the step1-2 in the reproduced steps;

2.#virsh -c qemu+unix:///system
Please enter your authentication name: redhat
Please enter your password: 
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # 

  
3.Also pass with auth_tcp = "sasl" and auth_tls = "sasl" setting.
Comment 10 errata-xmlrpc 2016-11-03 18:46:50 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHSA-2016-2577.html