Bug 794644 - [RFE] add some mechanism to pass credentials to remote-viewer
[RFE] add some mechanism to pass credentials to remote-viewer
Status: CLOSED CURRENTRELEASE
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: virt-viewer (Show other bugs)
6.2
Unspecified Unspecified
medium Severity medium
: rc
: ---
Assigned To: Daniel Berrange
Virtualization Bugs
: FutureFeature
: 911624 (view as bug list)
Depends On: 805243
Blocks:
  Show dependency treegraph
 
Reported: 2012-02-17 02:49 EST by Gerd Hoffmann
Modified: 2016-04-26 11:44 EDT (History)
13 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
: 805243 (view as bug list)
Environment:
Last Closed: 2013-08-08 10:06:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Gerd Hoffmann 2012-02-17 02:49:04 EST
Description of problem:
It is impossible to pass a password to remote-viewer on startup, simliar to 'spicec --password $secret'.
Comment 2 Marc-Andre Lureau 2012-03-01 10:50:46 EST
Gerd, should the password be part of spice URI? or a seperate --password argument?
Comment 3 Gerd Hoffmann 2012-03-02 02:30:52 EST
Put it into the URI is insane IMHO.  Needs to be a separate arg.  Daniel mentioned he would put it into a file to (a) avoid the password being visible in the ps listing and (b) allow to easily support other auth schemes too.
Comment 4 Daniel Berrange 2012-03-02 05:00:27 EST
My intention is to create a config file for authentication credentials that we can use for any libvirt client app. Kind of like the traditional $HOME/.netrc, but with a more extensible format, so we can store arbitrary libvirt/vnc/spice credentials for any SASL auth scheme.
Comment 6 Daniel Berrange 2012-03-20 13:37:45 EDT
The following patch series provides support for a $HOME/.libvirt/auth.conf for libvirt SASL credentials:

https://www.redhat.com/archives/libvir-list/2012-March/msg00828.html

The intent is that virt-viewer also read this file to extract VNC and/or SPICE credentials, so we have all credentials in one place.
Comment 7 Marc-Andre Lureau 2012-03-20 13:49:06 EDT
(In reply to comment #6)
> The following patch series provides support for a $HOME/.libvirt/auth.conf for
> libvirt SASL credentials:
> 
> https://www.redhat.com/archives/libvir-list/2012-March/msg00828.html
> 
> The intent is that virt-viewer also read this file to extract VNC and/or SPICE
> credentials, so we have all credentials in one place.

That sounds reasonable, although I would really appreciate if it uses a path under ~/.config (XDG_CONFIG_PATH) first.
Comment 8 Gerd Hoffmann 2012-03-21 09:41:59 EDT
Re #6: I'd like to have some way to specify alternative (temporary) config file.  Use case is connecting to rhev / ovirt, where you get a temporary password (called ticket) to connect.  Writing that to a permanent config file is pretty pointless.

Also I somehow think ~/.libvirt/... is a bit misplaced for remote-viewer, whereas it makes perfect sense for virt-viewer of course.
Comment 10 RHEL Product and Program Management 2012-07-10 04:50:14 EDT
This request was not resolved in time for the current release.
Red Hat invites you to ask your support representative to
propose this request, if still desired, for consideration in
the next release of Red Hat Enterprise Linux.
Comment 11 RHEL Product and Program Management 2012-07-10 22:00:14 EDT
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development.  This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Comment 12 Christophe Fergeau 2012-07-13 10:29:36 EDT
(In reply to comment #8)
> Re #6: I'd like to have some way to specify alternative (temporary) config
> file.  Use case is connecting to rhev / ovirt, where you get a temporary
> password (called ticket) to connect. 
> 

Another way of achieving this usecase is https://www.redhat.com/archives/virt-tools-list/2012-June/msg00091.html , which I should get back to work on...
Comment 13 Daniel Berrange 2013-02-18 08:03:19 EST
*** Bug 911624 has been marked as a duplicate of this bug. ***
Comment 14 Marc-Andre Lureau 2013-06-04 11:18:39 EDT
Christophe sent a patch series:
http://lists.freedesktop.org/archives/spice-devel/2013-June/013582.html
Comment 15 Marc-Andre Lureau 2013-07-22 14:09:14 EDT
Gerd

remote-viewer can take a .vv file with a password inside, since 0.5.5

I think the bug should thus be closed, and re-open/re-created with a different goal, which would be something like "stored password / config". If I undetstand Daniel correctly, that would be something left to do.

(the spice-gtk patches sent by Christophe was rejected, on the basis that we need a more general solution for virt-viewer)
Comment 16 Gerd Hoffmann 2013-07-31 06:41:22 EDT
(In reply to Marc-Andre Lureau from comment #15)
> Gerd
> 
> remote-viewer can take a .vv file with a password inside, since 0.5.5
> 
> I think the bug should thus be closed, and re-open/re-created with a
> different goal, which would be something like "stored password / config". If
> I undetstand Daniel correctly, that would be something left to do.
> 
> (the spice-gtk patches sent by Christophe was rejected, on the basis that we
> need a more general solution for virt-viewer)

Installed 0.5.6.  Neither man-page nor --help output give a hint what a .vv file is and how it works, care to explain?
Comment 17 Marc-Andre Lureau 2013-08-08 09:55:30 EDT
(In reply to Gerd Hoffmann from comment #16)
> Installed 0.5.6.  Neither man-page nor --help output give a hint what a .vv
> file is and how it works, care to explain?

This is now covered by bug 970825.

Should we close that bug?
Comment 18 Gerd Hoffmann 2013-08-08 10:03:50 EDT
Yep, can be closed.

Note You need to log in before you can comment on or make changes to this bug.