Bug 805243 – [RFE] add some mechanism to pre-populate credentials for libvirt connections

Bugzilla will be upgraded to version 5.0. The upgrade date is tentatively scheduled for 2 December 2018, pending final testing and feedback.

Bug 805243 - [RFE] add some mechanism to pre-populate credentials for libvirt connections

Summary:	[RFE] add some mechanism to pre-populate credentials for libvirt connections

Status:	CLOSED ERRATA

Aliases:	None

Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	libvirt (Show other bugs)
Sub Component:
Version:	6.2
Hardware:	Unspecified Unspecified

Priority	unspecified Severity unspecified
Target Milestone:	rc
Target Release:	---
Assigned To:	Daniel Berrange
QA Contact:	Virtualization Bugs
Docs Contact:

URL:
Whiteboard:
Keywords:	FutureFeature

Depends On:
Blocks:	794644
	Show dependency tree / graph

Reported:	2012-03-20 13:35 EDT by Daniel Berrange
Modified:	2016-04-26 10:39 EDT (History)
CC List:	11 users (show)

See Also:
Fixed In Version:	libvirt-0.10.2-0rc1.el6
Doc Type:	Enhancement
Doc Text:	Feature: Provide support for a configuration file to allow authentication credentials to be pre-populated, avoiding interactive prompts. Reason: When connecting to libvirt some form of authentication may be required. Typically this results in interactive prompts presented to the user. When automating works scripts / background jobs, interactive prompts cannot be used. A means to pre-populate libvirt authentication credentials is required. Result (if any): The $HOME/.libvirt/auth.conf file can be used to supply authentication credentials for connections.
Story Points:	---
Clone Of:	794644
Environment:
Last Closed:	2013-02-21 02:09:00 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

External Trackers
Tracker	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0276	normal	SHIPPED_LIVE	Moderate: libvirt security, bug fix, and enhancement update	2013-02-20 16:18:26 EST

Groups: None (edit)

Comment 1 Daniel Berrange 2012-03-20 13:36:34 EDT

The following patch series adds support to pre-populate libvirt connection credentials using a simple config file

https://www.redhat.com/archives/libvir-list/2012-March/msg00828.html

Comment 8 Dave Allan 2012-08-30 11:59:13 EDT

(In reply to comment #1)
> The following patch series adds support to pre-populate libvirt connection
> credentials using a simple config file
> 
> https://www.redhat.com/archives/libvir-list/2012-March/msg00828.html

Dan, is this work committed, so this BZ can be put in POST?

Comment 9 Dave Allan 2012-09-11 21:52:34 EDT

If this work didn't get committed, please move back to assigned.

Comment 13 Huang Wenlong 2012-09-19 03:43:28 EDT

Hi, Daniel Berrange

I want to verify this bug , could you provide some steps to do that ? 
Thanks very much.


Wenlong

Comment 14 Daniel Berrange 2012-09-20 16:46:59 EDT

This feature is basically about providing a way to provide a username+ password when connecting to a libvirtd server configured with SASL Digest-MD5

To setup libvirtd auth config for username+password see this section:

   http://libvirt.org/auth.html#ACL_server_username

Check you can connect using virsh, and that you are prompted for username+password.

Next, to configure the libvirt client so that apps like virsh can get password/username from a config file follow this guide:

  http://libvirt.org/auth.html#Auth_client_config

if that is setup correctly, you should now be able to connect with virsh without password

Comment 15 Huang Wenlong 2012-09-21 01:06:00 EDT

Thanks, Daniel Berrange! 

Verify this bug with :
libvirt-0.10.2-0rc1.el6.x86_64 


Server : 
1)add configurations  in /etc/libvirt/libvirtd.conf

listen_tls = 0
listen_tcp = 1
auth_tcp = "sasl"

2) add sasl user 
# saslpasswd2 -a libvirt test
(input your passwd)
# sasldblistusers2 -f /etc/libvirt/passwd.db
test@intel-q9400-4-7.englab.nay.redhat.com: userPassword

3) restart libvirtd 


Client: 
1) add this file in the Client 
# cat /etc/libvirt/auth.conf

[credentials-sasl]
authname=test
password=redhat123

[auth-libvirt-10.66.85.231]
credentials=sasl

2) try to connect to server
#virsh -c qemu+tcp://10.66.85.231/system
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # 

No need pass to login , so bug is fixed

Comment 17 errata-xmlrpc 2013-02-21 02:09:00 EST

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html

Note You need to log in before you can comment on or make changes to this bug.