On 06/12/2015 12:58 PM, Laine Stump wrote:
On 06/12/2015 12:14 PM, Dan Mossor wrote:
On 06/12/2015 03:48 AM, Daniel P. Berrange wrote:
On Thu, Jun 11, 2015 at 05:26:20PM -0500, Dan Mossor wrote:
I manage libvirtd on a few remote machines, and my security policies
require
me to disable root login via SSH. Up to this point, I've been using
root due
to the systems being in staging, but this is the final step before
they're
moved to production.
What is the current proscribed method of connecting virt-manager or
virsh to
a remote system with a non-root account? I keep getting "authentication
failed: no agent is available to authenticate" with a user that is
in the
kvm and qemu groups on the systems I've tried using the ssh transport.
This guide ought to help you set it up
http://wiki.libvirt.org/page/SSHPolicyKitSetup
Ok, so I finally got it working.
The SSHPolicyKitSetup page at the libvirt wiki states right at the top
that "As of polkit 0.106 the .pkla format is no more, and these
configuration files must be written in Javascript."
Further down the page, it reinforces this statement with "The
information in this section is obsolete; see the top of this page for
more information."
However, both of those statements are incorrect. Following the
directions provided by [1] from the wiki page produced zero results -
the operation still failed with "authentication failed: no agent is
available to authenticate" when attempting to connect. [...]
It sounds like you're volunteering to update the wiki page :-)
(Seriously, auto account creation is disabled on the wiki, but Dan
Berrange has the necessary credentials to create an account for you.)
I'd love to. If one of y'all would contact me off-list with account
instructions/details, I'll get right on it.
Regards,
--
Dan Mossor, RHCSA
Systems Engineer
Fedora Server WG | Fedora KDE WG | Fedora QA Team
Fedora Infrastructure Apprentice
FAS: dmossor IRC: danofsatx
San Antonio, Texas, USA
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list