Hello,

> > Adding KRB5CCNAME to the ssh command's environment solved the problem.
> >
> > https://bugzilla.redhat.com/show_bug.cgi?id=736983
> >
> > I would like to propose the following patch:
> >
> > Index: libvirt-0.9.5-rc1/src/rpc/virnetsocket.c > > =================================================================== > > --- libvirt-0.9.5-rc1.orig/src/rpc/virnetsocket.c 2011-09-08 19:37:31.000000000 +0200 > > +++ libvirt-0.9.5-rc1/src/rpc/virnetsocket.c 2011-09-08 19:37:54.000000000 +0200 > > @@ -615,6 +615,7 @@ > > > > cmd = virCommandNew(binary ? binary : "ssh"); > > virCommandAddEnvPassCommon(cmd); > > + virCommandAddEnvPass(cmd, "KRB5CCNAME"); > > virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK"); > > virCommandAddEnvPass(cmd, "SSH_ASKPASS"); > > virCommandAddEnvPass(cmd, "DISPLAY");
>
> We should also pass through KRB5_KTNAME I believe

There might be legitimate applications that I am completely unaware of. But with regard to gssapi authentication and usage of ssh as client application by libvirt I think this is not necessary.

To obtain my credentials I would use an application like heimdal-kcm or k5start or kinit per cronjob. These would need access to a keytab. libvirt itself would only need to know about a keytab if there was an internal mechanism in libvirt to obtain and renew credentials for its own principal.

Kind regards!

--
Matthias Witte - witte@xxxxxxxxxxxxxx
Phone: +49 (0)211-30 20 33-18
Fax: +49 (0)211-30 20 33-22
[netzquadrat] GmbH - Gladbacher Str. 74 - 40219 Düsseldorf
HRB Düsseldorf 36121 - Managing directors: Thilo Salmon, Tim Mois
Tax number: 106/5719/1836, VAT ID: DE246863050
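Review bot: The added `virCommandAddEnvPass(cmd, "KRB5CCNAME");` line in the `@@ -615,6 +615,7 @@` hunk of src/rpc/virnetsocket.c has no comment saying why this variable is on the pass-through list, while the neighbouring entries (SSH_AUTH_SOCK, SSH_ASKPASS, DISPLAY) are self-explanatory ssh client settings. A one-line comment above it, stating that the ssh child needs the caller's Kerberos credential cache location for GSSAPI authentication and pointing to bug 736983, would make clear to later readers why it is there. The thread also raises KRB5_KTNAME and the reply argues it is not needed for this use; the patch description should state that the change is deliberately limited to the credential cache variable so the omission reads as a decision rather than an oversight.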