490419 – virsh is not allowing for authentication credentials when connecting to the destination

Bug 490419 - virsh is not allowing for authentication credentials when connecting to the destination

Summary: virsh is not allowing for authentication credentials when connecting to the d...

Keywords:
Status:	CLOSED DUPLICATE of bug 490255
Alias:	None
Product:	Virtualization Tools
Classification:	Community
Component:	libvirt
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	medium
Target Milestone:	---
Assignee:	Daniel Veillard
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2009-03-16 10:00 UTC by Alan Pevec
Modified:	2016-04-26 19:11 UTC (History)
CC List:	5 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-03-16 10:53:28 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Alan Pevec 2009-03-16 10:00:10 UTC

Created attachment 334466 [details]
the xml file to create the guest.

Description of problem:
tried to migrate living guest to other host,but got the error like this:
libvir:Remote error : Failed to start SASL negotiation: -4 (SASL (-4) : no mechanism available: No worthy mechs found) 

Version-Release number of selected component (if applicable):
libvirt-0.5.1

How reproducible:
Always

Steps to Reproduce:
[in the destination host]
1.#qemu-img create xxx.img XG (the image name and size are the same with the ones in source box)  
2.service libvirtd restart

[in the source box]
3.# virsh migrate --live single qemu+tcp://10.66.70.10/system
  
Actual results:
libvir:Remote error : Failed to start SASL negotiation: -4 (SASL (-4) : no mechanism available: No worthy mechs found) 

Expected results:
the guest could be migrated successfully


Additional info:
if there are two different company boxes (Intel and AMD) the migration won't succeed ,but will succeed in the same company boxes after shutoff the sasl authentication.

--- Additional comment from berrange on 2009-03-09 07:05:15 EDT ---

What SASL mechanism have you got enabled on the destination ?

I think the most likely cause of the problem is that virsh is not allowing for authentication credentials when connecting to the destination.

    /* Temporarily connect to the destination host. */
    dconn = virConnectOpen (desturi);
    if (!dconn) goto done;


When it should be using 

    ctl->conn = virConnectOpenAuth(ctl->name,
                                   virConnectAuthPtrDefault,
                                   ctl->readonly ? VIR_CONNECT_RO : 0);


to allow prompting of username + password for auth mechanisms which need it.

As it currently stands, only GSSAPI would work.

--- Additional comment from apevec on 2009-03-09 07:25:21 EDT ---

(In reply to comment #1)
> What SASL mechanism have you got enabled on the destination ?

Yeah, it's digest-md5 as configured in ovirt Node stand-alone mode.
 
> I think the most likely cause of the problem is that virsh is not allowing for
> authentication credentials when connecting to the destination.

yes, that was my conclusion after reading the source as well.

Changing to libvirt, do we also need to clone to Virt.Tools/libvirt or just change the Product to Virt.Tools?

Comment 1 Alan Pevec 2009-03-16 10:53:28 UTC


*** This bug has been marked as a duplicate of bug 490255 ***

Note You need to log in before you can comment on or make changes to this bug.