On Tue, Mar 03, 2009 at 12:52:41PM -0500, Itamar Heim wrote: > > From: libvir-list-bounces@xxxxxxxxxx [mailto:libvir-list- > > bounces@xxxxxxxxxx] On Behalf Of Daniel P. Berrange > ... > > > c) libvirtd is using SASL gssapi on the dst machine. When the src > > machine tries > > > to connect to the dst, it needs to have the right configuration (i.e. > > > /etc/krb5.conf and /etc/sasl2/libvirt.conf need to work), and it also > > has to get > > > some kind of principal from the kerberos server (but which > > principal?). > > > > Each server has a kerberos principal, so I'd expect they can directly > > auth to each other, assuming suitable ACL configs. > [IH] you are assuming anyone using Libvirt will be using Kerberos? No, libvirt supports any SASL auth method - I was just refering to Chris' question about gssapi credentials Daniel -- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :| -- Libvir-list mailing list Libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list