Bug 805243 - [RFE] add some mechanism to pre-populate credentials for libvirt connections
Summary: [RFE] add some mechanism to pre-populate credentials for libvirt connections
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: libvirt
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Daniel Berrangé
QA Contact: Virtualization Bugs
URL:
Whiteboard:
Depends On:
Blocks: 794644
TreeView+ depends on / blocked
 
Reported: 2012-03-20 17:35 UTC by Daniel Berrangé
Modified: 2016-04-26 14:39 UTC (History)
11 users (show)

Fixed In Version: libvirt-0.10.2-0rc1.el6
Doc Type: Enhancement
Doc Text:
Feature: Provide support for a configuration file to allow authentication credentials to be pre-populated, avoiding interactive prompts. Reason: When connecting to libvirt some form of authentication may be required. Typically this results in interactive prompts presented to the user. When automating works scripts / background jobs, interactive prompts cannot be used. A means to pre-populate libvirt authentication credentials is required. Result (if any): The $HOME/.libvirt/auth.conf file can be used to supply authentication credentials for connections.
Clone Of: 794644
Environment:
Last Closed: 2013-02-21 07:09:00 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0276 normal SHIPPED_LIVE Moderate: libvirt security, bug fix, and enhancement update 2013-02-20 21:18:26 UTC

Comment 1 Daniel Berrangé 2012-03-20 17:36:34 UTC
The following patch series adds support to pre-populate libvirt connection credentials using a simple config file

https://www.redhat.com/archives/libvir-list/2012-March/msg00828.html

Comment 8 Dave Allan 2012-08-30 15:59:13 UTC
(In reply to comment #1)
> The following patch series adds support to pre-populate libvirt connection
> credentials using a simple config file
> 
> https://www.redhat.com/archives/libvir-list/2012-March/msg00828.html

Dan, is this work committed, so this BZ can be put in POST?

Comment 9 Dave Allan 2012-09-12 01:52:34 UTC
If this work didn't get committed, please move back to assigned.

Comment 13 Huang Wenlong 2012-09-19 07:43:28 UTC
Hi, Daniel Berrange

I want to verify this bug , could you provide some steps to do that ? 
Thanks very much.


Wenlong

Comment 14 Daniel Berrangé 2012-09-20 20:46:59 UTC
This feature is basically about providing a way to provide a username+ password when connecting to a libvirtd server configured with SASL Digest-MD5

To setup libvirtd auth config for username+password see this section:

   http://libvirt.org/auth.html#ACL_server_username

Check you can connect using virsh, and that you are prompted for username+password.

Next, to configure the libvirt client so that apps like virsh can get password/username from a config file follow this guide:

  http://libvirt.org/auth.html#Auth_client_config

if that is setup correctly, you should now be able to connect with virsh without password

Comment 15 Huang Wenlong 2012-09-21 05:06:00 UTC
Thanks, Daniel Berrange! 

Verify this bug with :
libvirt-0.10.2-0rc1.el6.x86_64 


Server : 
1)add configurations  in /etc/libvirt/libvirtd.conf

listen_tls = 0
listen_tcp = 1
auth_tcp = "sasl"

2) add sasl user 
# saslpasswd2 -a libvirt test
(input your passwd)
# sasldblistusers2 -f /etc/libvirt/passwd.db
test@intel-q9400-4-7.englab.nay.redhat.com: userPassword

3) restart libvirtd 


Client: 
1) add this file in the Client 
# cat /etc/libvirt/auth.conf

[credentials-sasl]
authname=test
password=redhat123

[auth-libvirt-10.66.85.231]
credentials=sasl

2) try to connect to server
#virsh -c qemu+tcp://10.66.85.231/system
Welcome to virsh, the virtualization interactive terminal.

Type:  'help' for help with commands
       'quit' to quit

virsh # 

No need pass to login , so bug is fixed

Comment 17 errata-xmlrpc 2013-02-21 07:09:00 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2013-0276.html


Note You need to log in before you can comment on or make changes to this bug.