Authentication via SASL and LDAP?

Hello,

I've recently configured a new virtual machine host running Ubuntu 12.04 server with libvirt and KVM. I am configuring WebVirtMgr (https://github.com/retspen/webvirtmgr/) for users to manage machines via a web interface. This requires access to the host using qemu+tcp, which I have configured as follows:

/etc/default/libvirt-bin:
start_libvirtd="yes"
libvirtd_opts="-d -l"

/etc/libvirt/libvirtd.conf:
listen_tls = 0
listen_tcp = 1
unix_sock_group = "libvirtd"
unix_sock_rw_perms = "0770"
auth_unix_ro = "none"
auth_unix_rw = "none"
auth_tcp = "sasl"

The libvirt documentation (http://libvirt.org/auth.html) does not specify if it is possible to use SASL with an authentication method other than DIGEST-MD5. I would like to authenticate users via LDAP - is this possible? I configured LDAP authentication via SASL as follows:

/etc/sasl2/libvirt.conf:
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
log_level: 5
saslauthd_path: /var/run/saslauthd/mux
auxprop_plugin: ldap

/etc/saslauthd.conf:
ldap_servers: ldap://ldap_ip_addr:389/
ldap_search_base: ou=People,dc=x-es,dc=com
ldap_auth_method: none
ldap_filter: uid=%u
ldap_version: 3

/etc/default/saslauthd:
START=yes
DESC="SASL Authentication Daemon"
NAME="saslauthd"
MECHANISMS="ldap"
MECH_OPTIONS=""
THREADS=5
OPTIONS="-O /etc/saslauthd.conf -c -m /var/run/saslauthd -r"

Testing the configuration works:
# testsaslauthd -u myuser -p mypass
0: OK "Success."

However, if I attempt to connect over the libvirt TCP connection I am denied:
virsh -c qemu+tcp://my_vm_host/system nodeinfo
error: authentication failed: Failed to start SASL negotiation: -4 (SASL(-4): no mechanism available: )
error: failed to connect to the hypervisor

Do you know what is incorrect in my libvirt config, or is it not possible to authenticate libvirt via SASL+LDAP? If not, is there somewhere that documents all of the supported mechanisms?

Thanks,

Andrew Martin
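
An added example, not part of the original post and not libvirt's own code: a check over the settings quoted above that flags a plain-TCP listener whose SASL mech_list offers only mechanisms without a session-encryption layer. libvirt expects a mechanism that also encrypts the session (such as DIGEST-MD5 or GSSAPI) on its unencrypted TCP socket. The function names, finding labels and the two mechanism sets are assumptions of this example.

```python
# Constructed inputs: the relevant settings copied from the post above.
LIBVIRTD_CONF = """
listen_tls = 0
listen_tcp = 1
auth_tcp = "sasl"
"""
SASL_CONF = """
pwcheck_method: saslauthd
mech_list: PLAIN LOGIN
"""

# Assumption of this example: mechanisms able to negotiate a SASL security
# layer (encryption after authentication) versus ones that send the password
# itself and negotiate no layer.
LAYER_MECHS = {"DIGEST-MD5", "GSSAPI"}
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}


def parse(text, sep):
    """Parse 'key<sep>value' lines, ignoring blanks and '#' comments."""
    settings = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if sep in line:
            key, value = line.split(sep, 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings


def audit(libvirtd_text, sasl_text):
    """Return finding labels for SASL on libvirt's unencrypted TCP socket."""
    libvirtd = parse(libvirtd_text, "=")
    sasl = parse(sasl_text, ":")
    findings = []
    # Only the plain TCP listener with SASL authentication is examined here.
    if libvirtd.get("listen_tcp") != "1" or libvirtd.get("auth_tcp") != "sasl":
        return findings
    mechs = sasl.get("mech_list", "").upper().split()
    if mechs and not any(m in LAYER_MECHS for m in mechs):
        # Nothing offered can encrypt the session on the TCP socket.
        findings.append("no-session-encryption-mechanism")
    if any(m in CLEARTEXT_MECHS for m in mechs):
        # The password would be sent as-is, with no TLS underneath.
        findings.append("cleartext-password-over-tcp")
    return findings


if __name__ == "__main__":
    for finding in audit(LIBVIRTD_CONF, SASL_CONF):
        print("FINDING:", finding)
```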


