Hi there,
I am experimenting with different security settings for libvirtd, so I
can give sysadmins administrative access to the KVM hypervisor without
giving them root access on the host. I had success using TLS (with
client-certs) and SASL, but have not managed to make polkit and ssh to
work so far.
If I change /etc/libvirt/libvirtd.conf auth_tcp or auth_unix_rw a local
virsh connection gets this error:
"Authorization requires authentication but no agent is available"
Thus I'm using "sasl" for tcp and "none" for the unix socket.
When I try a "qemu+ssh" remote virsh connection evething works fine. But
then I try the same URL using virt-manager, and then try to open a guest
console, virt-manager prompts multiple times for a ssh login password.
Shoudn't virt-manager resue the same ssh connection for guest console
access? And even if it needs to open a new ssh connection for the spice
connection, this should require only one additional ssh login.
But I tried many times, carefully typing the password each time, and I'm
sure they were not typos: virt-manager is actually asking for the ssh
login password many times!
Maybe people who use ssh keys (passwordless) logins didn't notice, but I
think virt-manager should't require more than one addtional ssh
connection per guest console. Is this a bug?
[]s, Fernando Lozano
--
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
