Re: Bug 736983 SSH GSSAPI login broken

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hallo,

> > Adding KRB5CCNAME to the ssh command's environment solved the problem.
> > 
> > https://bugzilla.redhat.com/show_bug.cgi?id=736983
> > 
> > I would like to propose the following patch:
> > 
> > Index: libvirt-0.9.5-rc1/src/rpc/virnetsocket.c
> > ===================================================================
> > --- libvirt-0.9.5-rc1.orig/src/rpc/virnetsocket.c       2011-09-08 19:37:31.000000000 +0200
> > +++ libvirt-0.9.5-rc1/src/rpc/virnetsocket.c    2011-09-08 19:37:54.000000000 +0200
> > @@ -615,6 +615,7 @@
> >  
> >      cmd = virCommandNew(binary ? binary : "ssh");
> >      virCommandAddEnvPassCommon(cmd);
> > +    virCommandAddEnvPass(cmd, "KRB5CCNAME");
> >      virCommandAddEnvPass(cmd, "SSH_AUTH_SOCK");
> >      virCommandAddEnvPass(cmd, "SSH_ASKPASS");
> >      virCommandAddEnvPass(cmd, "DISPLAY");
> 
> We should also pass through KRB5_KTNAME I believe

There might be legitimate applications that I am completely unaware of.
But with regard to gssapi authentication und usage of ssh as client
application by libvirt I think this is not necessary.

To obtain my credentials I would use an application like heimdal-kcm or
k5start or kinit per cronjob. These would need access to a keytab.
libvirt itself would only need to know about a keytab if there was a
internal mechanism in libvirt to obtain and renew credentials for its
own principal.

Kind regards!

-- 
Matthias Witte - witte@xxxxxxxxxxxxxx
Telefon: +49 (0)211-30 20 33-18
Telefax: +49 (0)211-30 20 33-22

[netzquadrat] GmbH - Gladbacher Str. 74 - 40219 Düsseldorf
HRB Düsseldorf 36121 - Geschäftsführer: Thilo Salmon, Tim Mois
Steuernummer: 106/5719/1836, Umsatzsteuer-ID: DE246863050

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list



[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]